From 95538ee3e112abd86c963c246d994a533d2b366d Mon Sep 17 00:00:00 2001
From: dartraiden <wowemuh@gmail.com>
Date: Wed, 22 Mar 2023 14:58:20 +0300
Subject: libcurl: update to 8.0.1

---
 libs/libcurl/docs/CHANGES            | 12420 ++++++++++++++++-----------------
 libs/libcurl/docs/THANKS             |    25 +-
 libs/libcurl/include/curl/curl.h     |     7 +-
 libs/libcurl/include/curl/curlver.h  |    10 +-
 libs/libcurl/include/curl/urlapi.h   |     4 +-
 libs/libcurl/libcurl.vcxproj         |     8 +-
 libs/libcurl/libcurl.vcxproj.filters |    10 +-
 libs/libcurl/src/CMakeLists.txt      |    23 -
 libs/libcurl/src/Makefile.in         |   138 +-
 libs/libcurl/src/Makefile.inc        |     6 +-
 libs/libcurl/src/cf-http.c           |   518 --
 libs/libcurl/src/cf-http.h           |    58 -
 libs/libcurl/src/cf-https-connect.c  |   569 ++
 libs/libcurl/src/cf-https-connect.h  |    58 +
 libs/libcurl/src/cf-socket.c         |   147 +-
 libs/libcurl/src/cf-socket.h         |     7 -
 libs/libcurl/src/cfilters.c          |    36 +-
 libs/libcurl/src/cfilters.h          |    19 +-
 libs/libcurl/src/config-win32.h      |    17 +-
 libs/libcurl/src/conncache.c         |    14 +-
 libs/libcurl/src/connect.c           |    35 +-
 libs/libcurl/src/content_encoding.c  |     8 +
 libs/libcurl/src/cookie.c            |   246 +-
 libs/libcurl/src/curl_config.h.in    |     3 +
 libs/libcurl/src/curl_gssapi.c       |    10 +-
 libs/libcurl/src/curl_log.c          |     2 +-
 libs/libcurl/src/curl_path.c         |    75 +-
 libs/libcurl/src/curl_setup.h        |    14 +-
 libs/libcurl/src/curl_setup_once.h   |     8 +
 libs/libcurl/src/doh.c               |     2 +-
 libs/libcurl/src/dynbuf.c            |     3 +-
 libs/libcurl/src/easy.c              |     1 -
 libs/libcurl/src/ftp.c               |   154 +-
 libs/libcurl/src/ftp.h               |     5 +
 libs/libcurl/src/ftplistparser.c     |    43 +-
 libs/libcurl/src/ftplistparser.h     |    34 +
 libs/libcurl/src/headers.c           |    17 +-
 libs/libcurl/src/hostasyn.c          |     2 +-
 libs/libcurl/src/hostip.c            |    91 +-
 libs/libcurl/src/hostip.h            |     2 +-
 libs/libcurl/src/http.c              |   175 +-
 libs/libcurl/src/http2.c             |   351 +-
 libs/libcurl/src/http_aws_sigv4.c    |   190 +-
 libs/libcurl/src/http_proxy.c        |    12 +-
 libs/libcurl/src/idn.c               |     5 +
 libs/libcurl/src/inet_ntop.c         |    13 +-
 libs/libcurl/src/inet_pton.c         |    15 +-
 libs/libcurl/src/krb5.c              |     8 +-
 libs/libcurl/src/ldap.c              |     8 +
 libs/libcurl/src/libcurl.plist       |     6 +-
 libs/libcurl/src/mqtt.c              |     5 +-
 libs/libcurl/src/multi.c             |   103 +-
 libs/libcurl/src/parsedate.c         |   159 +-
 libs/libcurl/src/progress.c          |    13 +-
 libs/libcurl/src/rand.c              |     9 +
 libs/libcurl/src/rtsp.c              |    15 +-
 libs/libcurl/src/select.c            |     4 +-
 libs/libcurl/src/setopt.c            |     6 +-
 libs/libcurl/src/sigpipe.h           |     1 -
 libs/libcurl/src/smb.c               |     3 +-
 libs/libcurl/src/telnet.c            |   179 +-
 libs/libcurl/src/transfer.c          |    21 +-
 libs/libcurl/src/url.c               |    96 +-
 libs/libcurl/src/urlapi.c            |    31 +-
 libs/libcurl/src/urldata.h           |    16 +-
 libs/libcurl/src/version.c           |    11 +-
 libs/libcurl/src/vquic/curl_msh3.c   |    23 +-
 libs/libcurl/src/vquic/curl_ngtcp2.c |    61 +-
 libs/libcurl/src/vquic/curl_quiche.c |    51 +-
 libs/libcurl/src/vquic/vquic.c       |     7 +-
 libs/libcurl/src/vssh/libssh.c       |    54 +-
 libs/libcurl/src/vssh/libssh2.c      |    15 +-
 libs/libcurl/src/vssh/ssh.h          |     4 +-
 libs/libcurl/src/vtls/nss.c          |    32 +-
 libs/libcurl/src/vtls/openssl.c      |    59 +-
 libs/libcurl/src/vtls/schannel.c     |   141 +-
 libs/libcurl/src/vtls/sectransp.c    |   107 +-
 libs/libcurl/src/vtls/vtls.c         |    48 +-
 libs/libcurl/src/vtls/wolfssl.c      |    39 +-
 libs/libcurl/src/vtls/x509asn1.c     |     4 +-
 libs/libcurl/src/wildcard.c          |    75 -
 libs/libcurl/src/wildcard.h          |    70 -
 libs/libcurl/src/ws.c                |     7 -
 83 files changed, 8587 insertions(+), 8514 deletions(-)
 delete mode 100644 libs/libcurl/src/cf-http.c
 delete mode 100644 libs/libcurl/src/cf-http.h
 create mode 100644 libs/libcurl/src/cf-https-connect.c
 create mode 100644 libs/libcurl/src/cf-https-connect.h
 delete mode 100644 libs/libcurl/src/wildcard.c
 delete mode 100644 libs/libcurl/src/wildcard.h

diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index 4a84f08c70..a9e2dcf620 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,10190 +6,9882 @@
 
                                   Changelog
 
-Version 7.88.1 (20 Feb 2023)
+Version 8.0.1 (20 Mar 2023)
 
-Daniel Stenberg (20 Feb 2023)
+Daniel Stenberg (20 Mar 2023)
 
 - RELEASE-NOTES: synced
 
-  7.88.1 release
+  curl 8.0.1
 
-- THANKS: add contributors from 7.88.1
+- Revert "multi: remove PENDING + MSGSENT handles from the main linked list"
 
-- socketpair: allow EWOULDBLOCK when reading the pair check bytes
+  This reverts commit f6d6f3ce01e377932f1ce7c24ee34d45a36950b8.
 
-  Reported-by: Gunamoi Software
-  Co-authored-by: Jay Satiro
-  Fixes #10561
-  Closes #10562
+  The commits caused issues in the 8.0.0 release. Needs a retake.
 
-Jay Satiro (18 Feb 2023)
+  Reported-by: Kamil Dudka
+  Closes #10795
 
-- tool_operate: fix scanbuild compiler warning
+- include/curl/curlver.h: bump to 8.0.1
 
-  Prior to this change Azure CI scanbuild warned of a potential NULL
-  pointer string passed to strtol when CURLDEBUG enabled, even though the
-  way the code was written it wouldn't have happened.
+Version 8.0.0 (20 Mar 2023)
 
-  Bug: https://github.com/curl/curl/commit/5479d991#r101159711
-  Reported-by: Marcel Raad
+Daniel Stenberg (20 Mar 2023)
 
-  Closes https://github.com/curl/curl/pull/10559
+- RELEASE-NOTES: synced
 
-- curl_setup: Suppress OpenSSL 3 deprecation warnings
+  The curl 8.0.0 release
 
-  - Define OPENSSL_SUPPRESS_DEPRECATED.
+- THANKS: from the 8.0.0 release
 
-  OpenSSL 3 has deprecated some of the functions libcurl uses such as
-  those with DES, MD5 and ENGINE prefix. We don't have replacements for
-  those functions so the warnings were disabled in autotools and cmake
-  builds, but still showed in other builds.
+- scripts/delta: fix "ambiguous argument" when used in branches
 
-  Closes https://github.com/curl/curl/pull/10543
+- SECURITY-PROCESS.md: Busy-loops are not security problems
 
-- build-openssl.bat: keep OpenSSL 3 engine binaries
+  Closes #10790
 
-  Prior to this change copying the OpenSSL 3 engine binaries failed
-  because 'engines-1_1' (OpenSSL 1.1.x folder name) was erroneously used
-  instead of 'engines-3'. The OpenSSL 3 builds would complete successfully
-  but without the engine binaries.
+Stefan Eissing (17 Mar 2023)
 
-  Closes https://github.com/curl/curl/pull/10542
+- tests/http: do not save files for downloads in scorecard testing
 
-ALittleDruid (18 Feb 2023)
+  Closes #10788
 
-- cmake: fix Windows check for CryptAcquireContext
+Daniel Stenberg (17 Mar 2023)
 
-  Check for CryptAcquireContext in windows.h and wincrypt.h only, since
-  otherwise this check may fail due to third party headers not found.
+- cf-socket: use port 80 when resolving name for local bind
 
-  Closes https://github.com/curl/curl/pull/10353
+  It turns out c-ares returns an error when asked to resolve a host name with
+  ares_getaddrinfo using port number 0.
 
-Daniel Stenberg (19 Feb 2023)
+  Reported as a c-ares bug here: https://github.com/c-ares/c-ares/issues/517
 
-- remote-header-name.d: mention that filename* is not supported
+  The work-around is to simply use port 80 instead, as the number typically doe
+  s
+  not make a difference and a non-zero number works for c-ares.
 
-  and that you can use --clobber to allow overwriting.
+  Fixes #10759
+  Reported-by: Matt Jolly
+  Closes #10789
 
-  Ref: #10533
-  Closes #10555
+- curl.h: require gcc 12.1 for the deprecation magic
 
-  Co-authored-by: Jay Satiro <raysatiro@yahoo.com>
+  Reported-by: kchow-FTNT on github
+  Fixes #10726
+  Closes #10784
 
-Pierrick Charron (18 Feb 2023)
+- Revert "rtsp: use dynbuf instead of custom reallocs"
 
-- CURLOPT_WS_OPTIONS.3: fix the availability version
+  This reverts commit 1b9ea3239d22147e00d8 because of OSS-fuzz reports.
+  I'll do another take after the pending release.
 
-  Closes #10557
+  Closes #10785
 
-Jacob Hoffman-Andrews (18 Feb 2023)
+- test422: verify --next used without a prior URL
 
-- GHA: update rustls dependency to 0.9.2
+  Closes #10782
 
-  This allows re-enabling test 312 for the rustls backend.
+- tool_getparam: error if --next is used without a prior URL
 
-  Closes #10553
+  Reported-by: 積丹尼 Dan Jacobson
+  Ref: https://github.com/curl/curl/pull/10769#discussion_r1137895629
 
-Philip Heiduck (18 Feb 2023)
+  Closes #10782
 
-- HTTP3.md: update git branches
+- libssh: use dynbuf instead of realloc
 
-  Closes #10554
+  When building lines to show for SFTP directory listings.
 
-Stefan Eissing (17 Feb 2023)
+  Closes #10778
 
-- urldata: remove `now` from struct SingleRequest - not needed
+- lib2305: deal with CURLE_AGAIN
 
-  Closes #10549
+  The test does a slightly ugly busy-loop for this case but should be
+  managable due to it likely being a very short moment.
 
-Daniel Stenberg (17 Feb 2023)
+  Mention CURLE_AGAIN in curl_ws_recv.3
 
-- lib1560: add IPv6 canonicalization tests
+  Fixes #10760
+  Reported-by: Jay Satiro
+  Closes #10781
 
-  Closes #10552
+- rtsp: use dynbuf instead of custom reallocs
 
-- RELEASE-NOTES: synced
+  For the RTP buffering.
 
-- urlapi: do the port number extraction without using sscanf()
+  Closes #10776
 
-  - sscanf() is rather complex and slow, strchr() much simpler
+- libssh2: remove unused variable from libssh2's struct
 
-  - the port number function does not need to fully verify the IPv6 address
-    anyway as it is done later in the hostname_check() function and doing
-    it twice is unnecessary.
+  Closes #10777
 
-  Closes #10541
+- RELEASE-NOTES: synced
 
-Stefan Eissing (17 Feb 2023)
+- multi: remove PENDING + MSGSENT handles from the main linked list
 
-- setopt: allow HTTP3 when HTTP2 is not defined
+  As they are not driving transfers or any socket activity, the main loop
+  does not need to iterate over these handles. A performance improvement.
 
-  Reported-by: Karthikdasari0423 on github
-  Fixes #10538
-  Closes #10544
+  They are instead only held in their own separate lists.
 
-Jon Rumsey (17 Feb 2023)
+  Assisted-by: Stefan Eissing
+  Ref: #10743
+  Closes #10762
 
-- os400: correct Curl_os400_sendto()
+- multi: turn link/unlinking easy handles into dedicated functions
 
-  Add const qualifier to 5th argument of Curl_os400_sendto()
+- http_aws_sigv4: fix scan-build "value stored to 'ret' is never read"
 
-  Make OS400 wrapper for sendto match the normal prototype of sendto()
-  with a const qualifier.
+  Follow-up to 495d09810aa9a
 
-  Fixes #10539
-  Closes #10548
+  Closes #10766
 
-Stefan Eissing (17 Feb 2023)
+- lib: skip Curl_llist_destroy calls
 
-- tests-httpd: add proxy tests
+  Linked lists themselves do not carry any allocations, so for the lists
+  that do not have have a set destructor we can just skip the
+  Curl_llist_destroy() call and save CPU time.
 
-  for direct and tunneling checks on http: and https:
+  Closes #10764
 
-  Closes #10519
+- lib643: LIB644 is never defined, this is dead code
 
-Daniel Stenberg (17 Feb 2023)
+  Closes #10765
 
-- curl: make --silent work stand-alone
+- libtest/Makefile.inc: remove superfluous variables
 
-  - renamed the struct field to 'silent' to match the cmdline option
-  - make --show-error toggle independently of --silent
-  - make --silent independent of ->noprogress as well
+  Rely on the defaults when possible.
 
-  By doing this, the three options --silent, --no-progress-meter and
-  --show-error should work independently of each other and also work with
-  and without '--no-' prefix as documented.
+  Closes #10765
 
-  Reported-by: u20221022 on github
-  Fixes #10535
-  Closes #10536
+- tests/http: remove year ranges from copyrights
 
-- socks: allow using DoH to resolve host names
+  Closes #10763
 
-  For SOCKS modes where a local host resolve is done.
+Casey Bodley (14 Mar 2023)
 
-  It was previously disabled in 12d655d4561, but a few local tests seem to
-  indicate that it works fine. Works now because of the SOCKS refactor of
-  4a4b63daaa01ef59 that made it non-blocking.
+- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
 
-  Reported-by: roughtex on github
-  Fixes #10537
-  Closes #10540
+  all s3 requests default to UNSIGNED-PAYLOAD and add the required
+  x-amz-content-sha256 header. this allows CURLAUTH_AWS_SIGV4 to correctly
+  sign s3 requests to amazon with no additional configuration
 
-Stefan Eissing (17 Feb 2023)
+  Signed-off-by: Casey Bodley <cbodley@redhat.com>
 
-- test: add test for HTTP/2 corruption as reported in #10525
+  Closes #9995
 
-  - adding test_02_20 for reproducing the situation
-  - using recently released mod_h2 Apache module
-  - skipping test if an older version is installed
-  - adding installation of current mod_h2 to github pytest workflow
+Viktor Szakats (14 Mar 2023)
 
-  This reproduces the error reliable (for me) on the lib/http2.c version
-  of curl 7.88.0. And passes with the recent curl master.
+- wolfssl: add quic/ngtcp2 detection in cmake, and fix builds
 
-  Closes #10534
+  - add QUIC/ngtcp2 detection in CMake with wolfSSL.
 
-Daniel Stenberg (16 Feb 2023)
+    Because wolfSSL uses zlib if available, move compression detection
+    before TLS detection. (OpenSSL might also need this in the future.)
 
-- tool_operate: allow debug builds to set buffersize
+  - wolfSSL 5.5.0 started using C99 types in its `quic.h` header, but it
+    doesn't #include the necessary C99 header itself, breaking builds
+    (unless another dependency pulled it by chance.) Add local workaround
+    for it. For this to work with all build tools, we had to fix our
+    header detection first. Ref: #10745
 
-  Using the CURL_BUFFERSIZE environment variable.
+    Ref: https://github.com/curl/curl-for-win/commit/6ad5f6ecc15620c15625fc4434
+  76b3a1ecef4f3f
 
-  Closes #10532
+  Closes #10739
 
-Stefan Eissing (16 Feb 2023)
+Stefan Eissing (14 Mar 2023)
 
-- connnect: fix timeout handling to use full duration
+- secure-transport: fix recv return code handling
 
-  - connect timeout was used at half the configured value, if the
-    destination had 1 ip version 4 and other version 6 addresses
-    (or the other way around)
-  - extended test2600 to reproduce these cases
+  Return code handling of recv calls were not always correct when an error
+  occured or the connection was closed.
 
-  Reported-by: Michael Kaufmann
-  Fixes #10514
-  Closes #10517
+  Closes #10717
 
-Daniel Stenberg (16 Feb 2023)
+- http2: Use KEEP_SEND_HOLD for flow control in HTTP/2
 
-- tool_getparam: make --get a true boolean
+  - use the defined, but so far not used, KEEP_SEND_HOLD bit for flow
+    control based suspend of sending in transfers.
 
-  To match how it is documented in the man page.
+  Prior to this change KEEP_SEND_PAUSE bit was used instead, but that can
+  interfere with pausing streams from the user side via curl_easy_pause.
 
-  Fixes #10527
-  Reported-by: u20221022 on github
-  Closes #10531
+  Fixes https://github.com/curl/curl/issues/10751
+  Closes https://github.com/curl/curl/pull/10753
 
-Harry Sintonen (16 Feb 2023)
+Dan Fandrich (13 Mar 2023)
 
-- http:: include stdint.h more readily
+- tests: fix control code that hid some text in runtests.1
 
-  Closes #10516
+- tests: sync option lists in runtests.pl & its man page
 
-Stefan Eissing (16 Feb 2023)
+Daniel Stenberg (13 Mar 2023)
 
-- tests: make the telnet server shut down a socket gracefully
+- multi: make multi_perform ignore/unignore signals less often
 
-  - test 1452 failed occasionally with ECONNRESET errnos in curl when the
-    server closed the connection in an unclean state.
+  For improved performance
 
-  Closes #10509
+  Reported-by: Jerome St-Louis
+  Ref: #10743
+  Closes #10750
 
-Harry Sintonen (16 Feb 2023)
+Viktor Szakats (13 Mar 2023)
 
-- http2: set drain on stream end
+- cmake: delete unused HAVE__STRTOI64
 
-  Ensure that on_frame_recv() stream end will trigger a read if there is
-  pending data. Without this it could happen that the pending data is
-  never consumed.
+  Also delete obsolete surrounding comments.
 
-  This combined with https://github.com/curl/curl/pull/10529 should fix
-  https://github.com/curl/curl/issues/10525
+  Reviewed-by: Daniel Stenberg
+  Closes #10756
 
-  Ref: https://github.com/curl/curl/issues/10525
-  Closes #10530
+- CI: fix copyright header
 
-Stefan Eissing (16 Feb 2023)
+  Follow-up to 395b9175b7422d699fa93643973295c106cdf147
 
-- http2: buffer/pausedata and output flush fix.
+Daniel Stenberg (13 Mar 2023)
 
-   * do not process pending input data when copying pausedata to the
-     caller
-   * return CURLE_AGAIN if the output buffer could not be completely
-     written out.
+- RELEASE-PROCEDURE.md: update coming release dates
 
-  Ref: #10525
-  Closes #10529
+Stefan Eissing (13 Mar 2023)
 
-Marcel Raad (16 Feb 2023)
+- tests/http: add pytest to GHA and improve tests
 
-- krb5: silence cast-align warning
+  - added to: ngtcp2-quictls, ngtcp2-gnutls and the linux varians
+    quiche, bearssl, libressl, mbedtls, openssl3, rustls
+  - added disabled in ngtcp2-wolfssl due to weird SSL_connect() errors
+    not reproducable locally
 
-  Add an intermediate cast to `void *`, as done everywhere else when
-  casting from `sockaddr *` to `sockaddr_in *`.
+  Improvements on pytest:
 
-  Closes https://github.com/curl/curl/pull/10528
+  -  handling of systems with nghttpx in $PATH
+     - configure will seach $PATH got nghttpx used in pytest
+     - pytest fixes for managing nghttpx without h3 support
+     - ngtcp2-wolfssl: use a fully enabled wolfssl build
 
-Daniel Stenberg (15 Feb 2023)
+  - lower parallel count for http/1.1 tests, since we do not
+     want to test excessive connections.
+  - check built curl for HTTPS-proxy support in proxy tests
+  - bearssl does not like one of our critical cert extensions, making
+    it non-critical now
+  - bearssl is too slow for test_12, skipping
+  - making sure we do h3 tests only when curl and server support is there
 
-- RELEASE-NOTES: synced
+  Closes #10699
 
-  bumped to 7.88.1
+Marcel Raad (13 Mar 2023)
 
-- tests: make sure gnuserv-tls has SRP support before using it
+- tool_operate: silence unused parameter warning
 
-  Reported-by: fundawang on github
-  Fixes #10522
-  Closes #10524
+  `global` is only used in the `my_setopt` macro version without
+  `CURL_DISABLE_LIBCURL_OPTION` since commit 4774decf10a.
 
-- runtests: fix "uninitialized value $port"
+  Closes https://github.com/curl/curl/pull/10752
 
-  by using a more appropriate variable
+Viktor Szakats (13 Mar 2023)
 
-  Reported-by: fundawang on github
-  Fixes #10518
-  Closes #10520
+- build: fix stdint/inttypes detection with non-autotools
 
-Version 7.88.0 (15 Feb 2023)
+  Fix `stdint.h` and `inttypes.h` detection with non-autotools builds on
+  Windows. (autotools already auto-detected them accurately.)
 
-Daniel Stenberg (15 Feb 2023)
+  `lib/config-win32.h` builds (e.g. `Makefile.mk`):
+  - set `HAVE_STDINT_H` where supported.
+  - set `HAVE_INTTYPES_H` for MinGW.
 
-- RELEASE-NOTES: synced
+  CMake:
+  - auto-detect them on Windows. (They were both force-disabled.)
+  - delete unused `CURL_PULL_STDINT_H`.
+  - delete unused `CURL_PULL_INTTYPES_H`.
+  - stop detecting `HAVE_STDINT_H` twice.
+    Present since the initial CMake commit: 4c5307b45655ba75ab066564afdc0c111a8
+  b9291
 
-  7.88.0 release
+  curl doesn't use these C99 headers, we need them now to workaround
+  broken wolfSSL builds. Ref: #10739
 
-- THANKS: added contributors from 7.88.0
+  Once that clears up, we can delete these detections and macros (unless
+  we want to keep them for future us.)
 
-- openssl: rename 'errcode_t' to 'sslerr_t'
+  Reviewed-by: Daniel Stenberg
+  Closes #10745
 
-  Turns out "/usr/include/et/com_err.h" typedefs this type (without proper
-  variable scoping).
+Daniel Stenberg (13 Mar 2023)
 
-  comerr is the "common error description library" that apparently might be use
-  d
-  by krb5 code, which then makes this header get used in a curl build.
+- RELEASE-NOTES: synced
 
-  Reported-by: Bruno Henrique Batista Cruz da Silva
-  Fixed #10502
-  Closes #10500
+- ftp: add more conditions for connection reuse
 
-Dan Fandrich (13 Feb 2023)
+  Reported-by: Harry Sintonen
+  Closes #10730
 
-- CONTRIBUTE: More formally specify the commit description
+Dan Fandrich (12 Mar 2023)
 
-  This codifies what people have actually used in git commits over the
-  past 6 years. I've left off some lesser-used headers that appear to
-  duplicate others and tried to describe a consistent use for several
-  others that were used more arbitrarily.
+- tests: make first.c the same for both lib tests and unit tests
 
-  This makes it easier for new committers to find out the kinds of things
-  we want to acknowledge, makes it easier to perform statistical analysis
-  on commits, and opens the possibility of performing lint checks on
-  descriptions before submission.
+  The only difference used to be global variable used in unittest tests.
+  After cb7ed5a removed individual flag overrides for the unittests, first.c
+  was no longer recompiled for unit tests to include the flag, so whether it
+  worked or gave a link error depended on whether it was compiled in
+  libtest or unittest first. This way also speeds up the build by
+  eliminating 40 identical compile invocations.
 
-  Reviewed-by: Daniel Stenberg
-  Reviewed-by: Jay Satiro
+  Fixes #10749
 
-  Closes #10478
+- tests: use AM_CPPFILES to modify flags in unit tests
 
-Stefan Eissing (13 Feb 2023)
+  Using CPPFLAGS sometimes caused odd compile issues when building tests
+  with parallel make and AM_CPPFILES is the right flag, anyway.
 
-- openssl: test and fix for forward proxy handling (non-tunneling).
+  Follow-up to cb7ed5a
 
-  - adding pytest test_10 cases for proxy httpd setup tests
-  - fixing openssl bug in https: proxy hostname verification that
-    used the hostname of the request and not the proxy name.
+  Ref #10749
 
-  Closes #10498
+Viktor Szakats (13 Mar 2023)
 
-Daniel Stenberg (13 Feb 2023)
+- Makefile.mk: fix -g option in debug mode [ci skip]
 
-- cmdline-opts/Makefile: on error, do not leave a partial
+  Add it to `CFLAGS` (was: `LDFLAGS`).
 
-  And support 'make V=1' to show the full command line
+  Closes #10747
 
-  Closes #10497
+Jay Satiro (12 Mar 2023)
 
-- curl.1: make help, version and manual sections "custom"
+- tool: improve --stderr handling
 
-  Instead of using "multi: boolean", as these are slightly special as in
-  they do are not enable/disable ones.
+  - freopen stderr with the user-specified file (--stderr file) instead of
+    using a separate 'errors' stream.
 
-  Fixes #10490
-  Reported-by: u20221022 on github
-  Closes #10497
+  - In tool_setup.h override stdio.h's stderr macro as global variable
+    tool_stderr.
 
-Stefan Eissing (13 Feb 2023)
+  Both freopen and overriding the stderr macro are necessary because if
+  the user-specified filename is "-" then stdout is assigned to
+  tool_stderr and no freopen takes place. See the PR for more information.
 
-- tests: add tests for HTTP/2 and HTTP/3 to verify the header API
+  Ref: https://github.com/curl/curl/issues/10491
 
-  Test 2403 and 2503 check "header_json" output and therefore use of
-  header-api
+  Closes https://github.com/curl/curl/pull/10673
 
-  Closes #10495
+Dan Fandrich (11 Mar 2023)
 
-Philip Heiduck (13 Feb 2023)
+- CI: don't run CI jobs if only another CI was changed
 
-- CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
+  Also skip builds on non-Windows platforms when only Windows build files
+  have changed.
 
-  Closes #10493
+  This should reduce the number of useless builds and the associated
+  waiting time and chance of spurious failures, freeing resources for
+  new PRs.
 
-Daniel Stenberg (13 Feb 2023)
+  Closes #10742
 
-- KNOW_BUGS: cleanups with some changed to TODOs
+- http: don't send 100-continue for short PUT requests
 
-  - remove "Excessive HTTP/2 packets with TCP_NODELAY"
+  This is already how curl is documented to behave in Everything curl, but
+  in actuality only short POSTs skip this. This should knock 30 seconds
+  off a full run of the test suite since the 100-continue timeout will no
+  longer be hit.
 
-    This is not a bug. Rather room for improvement.
+  Closes #10740
 
-  I believe these have been fixed:
+- tests: add DELAY keyword to more tests using waits
 
-  - 17.4 Connection failures with parallel HTTP/2
-  - 17.5 HTTP/2 connections through HTTPS proxy frequently stall
+- tests: hack to build most unit tests under cmake
 
-  - remove "FTPS needs session reuse"
+  These are only built when a libcurl static library is available, since
+  we're not building a special libcurlu library yet and these tests rely
+  on private symbols that aren't available in the shared library. A few
+  unit tests do require libcurlu, so those are not built.
 
-  That is still true, but curl should also do session reuse now.
+  Closes #10722
 
-  - remove "ASCII FTP"
+- tests: fix MSVC unreachable code warnings in unit tests
 
-  It is documented behavior, and not single user has asked for extended
-  functionality here the last decade or so.
+  Switch unit1654 to use the proper test macros as well.
 
-  - remove "Passive transfer tries only one IP address"
+- tests: make CPPFLAGS common to all unit tests
 
-  add as a TODO
+  There's no need to specify them individually.
 
-  - remove "DoH leaks memory after followlocation"
+- tests: keep cmake unit tests names in sync
 
-  With a recipe on how to reproduce, this is pointless to keep around
+  Put only the test names into Makefile.inc so they can be used by both
+  cmake and automake. This will prevent the list of tests from becoming
+  out of date when they are also built under cmake.
 
-  - remove "DoH does not inherit all transfer options"
+Viktor Szakats (11 Mar 2023)
 
-  add it as a TODO
+- src: silence wmain() warning for all build methods
 
-  Closes #10487
+  llvm/clang and gcc doesn't recognize the wmain() function in Unicode
+  Windows builds:
 
-Tatsuhiro Tsujikawa (13 Feb 2023)
+  llvm/clang:
+  ```
+  ../../src/tool_main.c:239:5: warning: no previous prototype for function 'wma
+  in' [-Wmissing-prototypes]
+  int wmain(int argc, wchar_t *argv[])
+      ^
+  1 warning generated.
+  ```
 
-- GHA: bump ngtcp2 workflow dependencies
+  gcc:
+  ```
+  ../../src/tool_main.c:239:5: warning: no previous prototype for 'wmain' [-Wmi
+  ssing-prototypes]
+    239 | int wmain(int argc, wchar_t *argv[])
+        |     ^~~~~
+  ```
 
-  Closes #10494
+  Before this patch, we already silenced it with CMake. This patch moves
+  the silencing to the source, so that it applies to all build tools.
 
-Patrick Monnerat (13 Feb 2023)
+  Bug: https://github.com/curl/curl/issues/7229#issuecomment-1464806651
 
-- content_encoding: do not reset stage counter for each header
+  Reviewed-by: Marcel Raad
+  Closes #10744
 
-  Test 418 verifies
+Dan Fandrich (10 Mar 2023)
 
-  Closes #10492
+- CI: fix retrying on brew failures
 
-Daniel Stenberg (13 Feb 2023)
+  The previous attempt didn't consider that the shell would exit
+  immediately after the false statement in the retry case.
 
-- RELEASE-NOTES: synced
+  Follow-up to dc141a37
 
-Jay Satiro (13 Feb 2023)
+Stefan Eissing (10 Mar 2023)
 
-- multi: stop sending empty HTTP/3 UDP datagrams on Windows
+- http2: fix error handling during parallel operations
 
-  - Limit the 0-sized send procedure that is used to reset a SOCKET's
-    FD_WRITE to TCP sockets only.
+  RST and connection close were not handled correctly during parallel
+  transfers, leading to aborted response bodies being reported complete.
 
-  Prior to this change the reset was used on UDP sockets as well, but
-  unlike TCP sockets a 0-sized send actually sends out a datagram.
+  Closes #10715
 
-  Assisted-by: Marc Hörsken
+Daniel Stenberg (10 Mar 2023)
 
-  Ref: https://github.com/curl/curl/pull/9203
+- url: only reuse connections with same GSS delegation
 
-  Fixes https://github.com/curl/curl/issues/9086
-  Closes https://github.com/curl/curl/pull/10430
+  Reported-by: Harry Sintonen
+  Closes #10731
 
-Viktor Szakats (12 Feb 2023)
+Viktor Szakats (10 Mar 2023)
 
-- h3: silence compiler warnings
+- lib: silence clang/gcc -Wvla warnings in brotli headers
 
-  Reviewed-by: Daniel Stenberg
-  Fixes #10485
-  Closes #10486
+  brotli v1.0.0 throughout current latest v1.0.9 and latest master [1]
+  trigger this warning.
 
-Daniel Stenberg (12 Feb 2023)
+  It happened with CMake and GNU Make. autotools builds avoid it with
+  the `convert -I options to -isystem` macro.
 
-- smb: return error on upload without size
+  llvm/clang:
+  ```
+  In file included from ./curl/lib/content_encoding.c:36:
+  ./brotli/x64-ucrt/usr/include/brotli/decode.h:204:34: warning: variable lengt
+  h array used [-Wvla]
+      const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
+                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  ./brotli/x64-ucrt/usr/include/brotli/port.h:253:34: note: expanded from macro
+   'BROTLI_ARRAY_PARAM'
+                                   ^~~~~~
+  In file included from ./curl/lib/content_encoding.c:36:
+  ./brotli/x64-ucrt/usr/include/brotli/decode.h:206:48: warning: variable lengt
+  h array used [-Wvla]
+      uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]);
+                             ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
+  ./brotli/x64-ucrt/usr/include/brotli/port.h:253:35: note: expanded from macro
+   'BROTLI_ARRAY_PARAM'
+                                   ~^~~~~
+  ```
 
-  The protocol needs to know the size ahead of time, this is now a known
-  restriction and not a bug.
+  gcc:
+  ```
+  In file included from ./curl/lib/content_encoding.c:36:
+  ./brotli/x64-ucrt/usr/include/brotli/decode.h:204:5: warning: ISO C90 forbids
+   variable length array 'encoded_buffer' [-Wvla]
+    204 |     const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)],
+        |     ^~~~~
+  ./brotli/x64-ucrt/usr/include/brotli/decode.h:206:5: warning: ISO C90 forbids
+   variable length array 'decoded_buffer' [-Wvla]
+    206 |     uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]);
+        |     ^~~~~~~
+  ```
 
-  Also output a clearer error if the URL path does not contain proper
-  share.
+  [1] https://github.com/google/brotli/commit/ed1995b6bda19244070ab5d331111f16f
+  67c8054
 
-  Ref: #7896
-  Closes #10484
+  Reviewed-by: Daniel Stenberg
+  Reviewed-by: Marcel Raad
+  Closes #10738
 
-Viktor Szakats (12 Feb 2023)
+Daniel Stenberg (10 Mar 2023)
 
-- windows: always use curl's basename() implementation
+- curl_path: create the new path with dynbuf
 
-  The `basename()` [1][2] implementation provided by mingw-w64 [3] makes
-  assumptions about input encoding and may break with non-ASCII strings.
+  Closes #10729
 
-  `basename()` was auto-detected with CMake, autotools and since
-  68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6 (2022-10-13), also in
-  `Makefile.mk` after syncing its behaviour with the mainline build
-  methods. A similar patch for curl-for-win broke official Windows
-  builds earlier, in release 7.83.1_4 (2022-06-15).
+- url: remove dummy protocol handler
 
-  This patch forces all Windows builds to use curl's internal
-  `basename()` implementation to avoid such problems.
+  Just two added checks were needed saves a whole handler struct.
 
-  [1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/basename.html
-  [2]: https://www.man7.org/linux/man-pages/man3/basename.3.html
-  [3]: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/master/tree/mingw-w64-c
-  rt/misc/basename.c
+  Closes #10727
 
-  Reported-by: UnicornZhang on Github
-  Assisted-by: Cherish98 on Github
-  Reviewed-by: Daniel Stenberg
+Dan Fandrich (10 Mar 2023)
 
-  Fixes #10261
-  Closes #10475
+- CI: retry a failed brew update too, not just brew install
 
-Philip Heiduck (12 Feb 2023)
+  Also, make sure an eventual failure ends up returning a failure code so
+  the job stops.
 
-- Linux CI: Bump rustls-ffi to v0.9.1
+Daniel Stenberg (10 Mar 2023)
 
-  Closes #10476
+- url: fix the SSH connection reuse check
 
-Daniel Stenberg (12 Feb 2023)
+  Reported-by: Harry Sintonen
+  Closes #10735
 
-- libtest: build lib2305 with multibyte as well
+- CURLOPT_PROXY.3: curl+NSS does not handle HTTPS over unix domain socket
 
-  Fixes a build regression.
+  It results in error "NSS error -5985 (PR_ADDRESS_NOT_SUPPORTED_ERROR)"
 
-  Follow-up to 5a9a04d5567
-  Reported-by: Viktor Szakats
-  Ref: https://github.com/curl/curl/pull/10475#issuecomment-1426831800
+  Disabled test 1470 for NSS builds and documented the restriction.
 
-  Closes #10477
+  Reported-by: Dan Fandrich
+  Fixes #10723
+  Closes #10734
 
-Dmitry Atamanov (12 Feb 2023)
+- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
 
-- cmake: fix dev warning due to mismatched arg
+  Reported-by: Hiroki Kurosawa
+  Closes #10732
 
-  The package name passed to find_package_handle_standard_args (BROTLI)
-  does not match the name of the calling package (Brotli). This can lead
-  to problems in calling code that expects find_package result variables
-  (e.g., _FOUND) to follow a certain pattern.
+- telnet: only accept option arguments in ascii
 
-  Closes https://github.com/curl/curl/pull/10471
+  To avoid embedded telnet negotiation commands etc.
 
-James Keast (11 Feb 2023)
+  Reported-by: Harry Sintonen
+  Closes #10728
 
-- setopt: Address undefined behaviour by checking for null
+- test1903: test use of COOKIEFILE - reset - COOKIEFILE
 
-  This addresses undefined behaviour found using clang's UBsan:
+  This also tests for the memory leak bug fixed by parent commit b559ef6f.
 
-  curl/lib/setopt.c:177:14: runtime error: applying non-zero offset 1 to null p
-  ointer
-  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior curl/lib/setopt.c:177
-  :14 in
+  Ref: #10694
 
-  Closes #10472
+  Closes https://github.com/curl/curl/pull/10712
 
-Jacob Hoffman-Andrews (11 Feb 2023)
+Jay Satiro (10 Mar 2023)
 
-- rustls: improve error messages
+- url: fix cookielist memleak when curl_easy_reset
 
-  Changes numeric error codes into verbose error codes in two places.
-  Adds a prefix indicating that the error came from rustls, and in some
-  places which function it came from.
+  - Free set.cookelist in Curl_freeset instead of Curl_close.
 
-  Adds special handling for RUSTLS_RESULT_UNEXPECTED_EOF, since the
-  default message of "Unexpected EOF" is insufficiently explanatory.
+  Prior to this change the cookielist linked list wasn't freed by
+  curl_easy_reset which calls Curl_freeset to free all set.
 
-  Closes #10463
+  Bug: https://github.com/curl/curl/issues/10694#issuecomment-1458619157
+  Reported-by: Sergey Ryabinin
 
-Daniel Stenberg (11 Feb 2023)
+  Closes https://github.com/curl/curl/pull/10709
 
-- openssl: remove dead code
+Dan Fandrich (10 Mar 2023)
 
-  Follow-up to e8b00fcd6a
+- tests: fix some keywords and unused sections
 
-  Due to the new 'if(!nonblocking)' check on the block a level above,
-  there is no need to check for it again within the same conditional.
+- tests: fix test1301 to call the right binary
 
-  Detected by Coverity
+  It was refactored in commit 480ac6e5 but this step was missed.
 
-  Closes #10473
+- tests: add timeout, SLOWDOWN and DELAY keywords to tests
 
-- ngtcp2: replace removed define and stop using removed function
+  These are tests that are testing timing and end up being quite slow.
 
-  They were removed upstream.
+Daniel Stenberg (10 Mar 2023)
 
-  Reported-by: Karthikdasari0423 on github
-  Fixes #10469
-  Closes #10474
+- RELEASE-NOTES: synced
 
-- scripts/delta: show percent of number of files changed since last tag
+Stefan Eissing (10 Mar 2023)
 
-- RELEASE-NOTES: synced
+- wolfSSL: ressurect the BIO `io_result`
 
-Stefan Eissing (10 Feb 2023)
+  In pytest'ing the situation occored that wolfSSL reported an
+  IO error when the underlying BIO operation was returning an
+  CURLE_AGAIN condition.
 
-- pytest: add a test case for PUSH related things.
+  Readding the `io_result` filter context member to detect such
+  situations.
 
-  - checking that "103 Early Hints" are visible in curl's header dump file
+  Also, making sure that the returned CURLcode is initialized
+  on all recv operations outcome.
 
-  Closes #10452
+  Closes #10716
 
-Gregory Panakkal (10 Feb 2023)
+- gssapi: align global `gss_OID_desc` vars to silence ld warnings on macOS vent
+  ura
 
-- WEBSOCKET.md: typo
+  Refs #9975 which first reported this.
 
-  Fixing missing slash for ws protocol scheme
+  Closes #10718
 
-  Closes #10464
+Daniel Stenberg (10 Mar 2023)
 
-Stefan Eissing (10 Feb 2023)
+- libssh2: only set the memory callbacks when debugging
 
-- vquic: stabilization and improvements
+  This makes us debug libssh2 less and libcurl more when for example
+  running torture tests that otherwise will spend a lot of time in libssh2
+  functions.
 
-  vquic stabilization
-  - udp send code shared between ngtcp2 and quiche
-  - quiche handling of data and events improved
+  We leave libssh2 to test libssh2.
 
-  ngtcp2 and pytest improvements
-  - fixes handling of "drain" situations, discovered in scorecard
-    tests with the Caddy server.
-  - improvements in handling transfers that have already  data or
-    are already closed to make an early return on recv
+  Closes #10721
 
-  pytest
-  - adding caddy tests when available
+- docs/SECURITY-PROCESS.md: updates
 
-  scorecard improvemnts.
-  - using correct caddy port
-  - allowing tests for only httpd or caddy
+  - allow Low+Medium issues to be managed through plain PRs
+  - update the bug-bounty part to reflect current reality
 
-  Closes #10451
+  Closes #10719
 
-Philip Heiduck (10 Feb 2023)
+Dan Fandrich (9 Mar 2023)
 
-- Linux CI: update some dependecies to latest tag
+- tests: fix tag markup issues in some tests
 
-  Closes #10458
+Marcel Raad (9 Mar 2023)
 
-Daniel Stenberg (10 Feb 2023)
+- tests: add `cookies` features
 
-- test2305: send 3 frames, 4097 bytes each, as one message
+  These tests don't work with `--disable-cookies`.
 
-  Receive them using a 256 bytes buffer in a loop.
+  Closes https://github.com/curl/curl/pull/10713
 
-- ws: fix recv of larger frames
+- test420: add cookies keyword
 
-   + remove 'oleft' from the struct
-   + deal with "overflow data" in a separate dynbuf
+  It fails with `--disable-cookies`.
 
-  Reported-by: Mike Duglas
-  Fixes #10438
-  Closes #10447
+  Closes https://github.com/curl/curl/pull/10713
 
-- curl/websockets.h: extend the websocket frame struct
+Dan Fandrich (8 Mar 2023)
 
-- sws: fix typo, indentation add more ws logging
+- CI: Add more labeler match patterns
 
-- test2304: remove stdout verification
+  Also, add the  CI, tests or libcurl API tags in conjunction with any
+  others that might also apply.
 
-  This cripples the test somewhat but the check was bad since depending on
-  timing it could exit before the output was done, making the test flaky.
+Andy Alt (9 Mar 2023)
 
-Dan Fandrich (9 Feb 2023)
+- GHA: minor improvements to spellcheck
 
-- CI: Add more labeler match patterns
+  Closes #10640
 
-- CI: Retry failed downloads to reduce spurious failures
+Daniel Stenberg (9 Mar 2023)
 
-  A temporary error with a remote server shouldn't cause a CI run to fail.
-  Also, put a cap on the time to download to fail faster on a misbehaving
-  server or connection and use HTTP compression where possible to reduce
-  download times.
+- test1671: fix after fix
 
-Daniel Stenberg (9 Feb 2023)
+- test421: -w %{header_json} test with multiple same header names
 
-- no-clobber.d: only use long form options in man page text
+  To reproduce the issue in #10704
 
-  ... since they are expanded and the short-form gets mentioned
-  automatically so if the short form is mentioned as well, it gets
-  repeated.
+- tool_writeout_json. fix the output for duplicate header names
 
-  Fixes #10461
-  Closes #10462
-  Reported-by: Dan Fandrich
+  Header entries with index != 0 are handled at the index 0 level so they
+  should then be skipped when iterated over.
 
-- GHA: enable websockets in the torture job
+  Reported-by: Boris Okunskiy
+  Fixes #10704
+  Closes #10707
 
-  Closes #10448
+- headers: make curl_easy_header and nextheader return different buffers
 
-- header.d: add a header file example
+  By letting curl_easy_header() and curl_easy_nextheader() store the
+  header data in their own struct storage when they return a pointer to
+  it, it makes it possible for applications to use them both in a loop.
+  Like the curl tool does.
 
-  Closes #10455
+  Reported-by: Boris Okunskiy
+  Fixes #10704
+  Closes #10707
 
-Stefan Eissing (9 Feb 2023)
+rcombs (8 Mar 2023)
 
-- HTTP/[23]: continue upload when state.drain is set
+- urlapi: take const args in _dup and _get functions
 
-  - as reported in #10433, HTTP/2 uploads may stall when a response is
-    received before the upload is done. This happens when the
-    data->state.drain is set for such a transfer, as the special handling
-    in transfer.c from then on only cared about downloads.
-  - add continuation of uploads, if applicable, in this case.
-  - add pytest case test_07_12_upload_seq_large to reproduce this scenario
-    (although, current nghttp2 implementation is using drain less often)
+  Closes #10708
 
-  Reported-by: Lucas Pardue
+- urlapi: avoid mutating internals in getter routine
 
-  Fixes #10433
-  Closes #10443
+  This was not intended.
 
-- http2: minor buffer and error path fixes
+  Closes #10708
 
-  - use memory buffer in full available size
-  - fail receive of reset/errored streams early
+Daniel Stenberg (8 Mar 2023)
 
-  pytest:
-  - make test_05 error cases more reliable
+- urlapi: '%' is illegal in host names
 
-  Closes #10444
+  Update test 1560 to verify
 
-Federico Pellegrin (9 Feb 2023)
+  Ref: #10708
+  Closes #10711
 
-- openldap: fix missing sasl symbols at build in specific configs
+- ftp: make the 'ftpauth' a more normal 'char *'-array
 
-  If curl is built with openldap support (USE_OPENLDAP=1) but does not
-  have also some other protocol (IMAP/SMTP/POP3) enabled that brings
-  in Curl_sasl_* functions, then the build will fail with undefined
-  references to various symbols:
+  Closes #10703
 
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_decode_mech'
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_parse_url_auth
-  _option'
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_cleanup'
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_can_authentica
-  te'
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_continue'
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_start'
-  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_init'
+Evgeny Grin (Karlson2k) (8 Mar 2023)
 
-  This was tracked down to these functions bein used in openldap.c but
-  defined in curl_sasl.c and then forward in two vauth/ files to have
-  a guard against a set of #define configurations that was now extended
-  to cover also this case.
+- doc: fix compiler warning in libcurl.m4
 
-  Example configuration targeted that could reproduce the problem:
+  Current test for curl_free() may produce warnings with strict compiler
+  flags or even with default compiler flags with upcoming versions.
+  These warning could turned into errors by -Werror or similar flags.
+  Such warnings/errors are avoided by this patch.
 
-  curl 7.87.1-DEV () libcurl/7.87.1-DEV .... OpenLDAP/2.6.3
-  Protocols: file ftp ftps http https ldap ldaps
+  Closes #10710
 
-  Closes #10445
+Viktor Szakats (8 Mar 2023)
 
-Daniel Stenberg (9 Feb 2023)
+- misc: fix typos
 
-- ws: use %Ou for outputting curl_off_t with info()
+  Closes #10706
 
-  Reported-by: Mike Duglas
-  Fixes #10439
-  Closes #10441
+Stefan Eissing (7 Mar 2023)
 
-Jay Satiro (9 Feb 2023)
+- ftp: active mode with SSL, add the damn filter
 
-- curl_setup: Disable by default recv-before-send in Windows
+  - since 7.87.0 we lost adding the SSL filter for an active
+    FTP connection that uses SSL. This leads to hangers and timeouts
+    as reported in #10666.
 
-  Prior to this change a workaround for Windows to recv before every send
-  was enabled by default. The way it works is a recv is called before
-  every send and saves the received data, in case send fails because in
-  Windows apparently that can wipe out the socket's internal received
-  data buffer.
+  Reported-by: SandakovMM on github
+  Fixes #10666
+  Closes #10669
 
-  This feature has led to several bugs because the way libcurl operates
-  it waits on a socket to read or to write, and may not at all times
-  check for buffered receive data.
+Daniel Stenberg (7 Mar 2023)
 
-  Two recent significant bugs this workaround caused:
-  - Broken Schannel TLS 1.3 connections (#9431)
-  - HTTP/2 arbitrary hangs (#10253)
+- docs: extend the URL API descriptions
 
-  The actual code remains though it is disabled by default. Though future
-  changes to connection filter buffering could improve the situation IMO
-  it's just not tenable to manage this workaround.
+  Closes #10701
 
-  Ref: https://github.com/curl/curl/issues/657
-  Ref: https://github.com/curl/curl/pull/668
-  Ref: https://github.com/curl/curl/pull/720
+Stefan Eissing (7 Mar 2023)
 
-  Ref: https://github.com/curl/curl/issues/9431
-  Ref: https://github.com/curl/curl/issues/10253
+- url: fix logic in connection reuse to deny reuse on "unclean" connections
 
-  Closes https://github.com/curl/curl/pull/10409
+  - add parameter to `conn_is_alive()` cfilter method that returns
+    if there is input data waiting on the connection
+  - refrain from re-using connnection from the cache that have
+    input pending
+  - adapt http/2 and http/3 alive checks to digest pending input
+    to check the connection state
+  - remove check_cxn method from openssl as that was just doing
+    what the socket filter now does.
+  - add tests for connection reuse with special server configs
 
-Stefan Eissing (8 Feb 2023)
+  Closes #10690
 
-- http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
+Daniel Stenberg (6 Mar 2023)
 
-  add a small buffer to nghttp2 session sending in order to aggregate
-  small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to the
-  callback individually.
+- x509asn1: use plain %x, not %lx, when the arg is an int
 
-  Ref: #10389
-  Closes #10432
+  Pointed out by Coverity.
 
-- openssl: store the CA after first send (ClientHello)
+  Closes #10689
 
-  move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
-  this gives time to parse CA anchors while waiting on the server reply
+Stefan Eissing (6 Mar 2023)
 
-  Ref: #10389
-  Closes #10432
+- http2: fix handling of RST and GOAWAY to recognize partial transfers
 
-Daniel Stenberg (8 Feb 2023)
+  - a reset transfer (HTTP/2 RST) did not always lead to the proper
+    error message on receiving its response, leading to wrong reports
+    of a successful transfer
+  - test_05_02 was able to trigger this condition with increased transfer
+    count. The simulated response errors did not carry a 'Content-Length'
+    so only proper RST handling could detect the abort
+  - When doing such transfers in parallel, a connection could enter the
+    state where
+    a) it had been closed (GOAWAY received)
+    b) the RST had not been "seen" for the transfer yet
+    or c) the GOAWAY announced an error and the last successful
+    stream id was not checked against ongoing transfers
 
-- RELEASE-NOTES: synced
+  Closes #10693
 
-Anthony Hu (8 Feb 2023)
+- tests: use dynamic ports numbers in pytest suite
 
-- wolfssl: remove deprecated post-quantum algorithms
+  - necessary ports are bound at start of test suite and then
+    given to server fixtures for use.
+  - this make parallel use of pytest (in separate directories),
+    practically safe for use as OS tend to not reuse such port numbers
+    for a while
 
-  Closes #10440
+  Closes #10692
 
-John Bampton (8 Feb 2023)
+- connect: fix time_connect and time_appconnect timer statistics
 
-- misc: fix spelling
+  - time_connect was not updated when the overall connection failed,
+    e.g. when SSL verification was unsuccessful, refs #10670
+  - rework gather those values to interrogate involved filters,
+    also from all eyeballing attempts, to report the maximum of
+    those values.
+  - added 3 test cases in test_06 to check reported values on
+    successful, partially failed and totally failed connections.
 
-  Closes #10437
+  Reported-by: Master Inspire
+  Fixes #10670
+  Closes #10671
 
-Daniel Stenberg (7 Feb 2023)
+Daniel Stenberg (6 Mar 2023)
 
-- man pages: call the custom user pointer 'clientp' consistently
+- test1905: update output cookie order
 
-  The variable had a few different names. Now try to use 'clientp'
-  consistently for all man pages using a custom pointer set by the
-  application.
+  After the #10685 update
 
-  Reported-by: Gerrit Renker
+- test420: verify expiring cookies
 
-  Fixes #10434
-  Closes #10435
+  Cookies that are loaded fine from a jar but then are expired in headers.
 
-- vtls: infof using %.*s needs to provide the length as int
+- cookie: don't load cookies again when flushing
 
-  Fixes a Coverity warning.
+  Reported-by: Sergio Mijatovic
+  Fixes #10677
+  Closes #10685
 
-  Closes #10436
+- RELEASE-NOTES: synced
 
-Stefan Eissing (7 Feb 2023)
+Andy Alt (6 Mar 2023)
 
-- vrls: addressing issues reported by coverity
+- docs: note '--data-urlencode' option
 
-  I believe the code was secure before this, but limiting the accepted
-  name length to what is used in the structures should help Coverity's
-  analysis.
+  Closes #10687
 
-  Closes #10431
+Daniel Stenberg (6 Mar 2023)
 
-Daniel Stenberg (7 Feb 2023)
+- DEPRECATE: the original legacy mingw version 1
 
-- tool_operate: move the 'updated' variable
+  Remove completely in September 2023
 
-  This was already done by Dan Fandrich in the previous PR but somehow I
-  lost that fixup.
+  Closes #10667
 
-  Follow-up to 349c5391f2121e
+Harry Sintonen (6 Mar 2023)
 
-Dan Fandrich (7 Feb 2023)
+- rand: use arc4random as fallback when available
 
-- tool_operate: Fix error codes during DOS filename sanitize
+  Normally curl uses cryptographically strong random provided by the
+  selected SSL backend. If compiled without SSL support, a naive built-in
+  function was used instead.
 
-  It would return CURLE_URL_MALFORMAT in an OOM condition.
+  Generally this was okay, but it will result in some downsides for non-
+  SSL builds, such as predictable temporary file names.
 
-  Closes #10414
+  This change ensures that arc4random will be used instead, if available.
 
-- tool_operate: Fix error codes on bad URL & OOM
+  Closes #10672
 
-  curl would erroneously report CURLE_OUT_OF_MEMORY in some cases instead
-  of CURLE_URL_MALFORMAT. In other cases, it would erroneously return
-  CURLE_URL_MALFORMAT instead of CURLE_OUT_OF_MEMORY.  Add a test case to
-  test the former condition.
+Grisha Levit (6 Mar 2023)
 
-  Fixes #10130
-  Closes #10414
+- tool: dump headers even if file is write-only
 
-Daniel Stenberg (6 Feb 2023)
+  The fixes in #10079 brought a (seemingly unrelated) change of open mode
+  from `wb`/`ab` to `wb+`/`ab+` for the headerfile. This makes it no
+  longer possible to write the header file to e.g. a pipe, like:
 
-- setopt: use >, not >=, when checking if uarg is larger than uint-max
+      curl -D >(grep ...) file:///dev/null
 
-  Closes #10421
+  Which presently results in `Warning: Failed to open /dev/fd/63`
 
-- vtls: fix failf() format argument type for %.*s handling
+  See #10079
+  Closes #10675
 
-  Reported by Coverity
+Jay Satiro (6 Mar 2023)
 
-  Closes #10422
+- tests: fix gnutls-serv check
 
-- openssl: fix "Improper use of negative value"
+  - If gnutls-serv doesn't exist then don't try to execute it.
 
-  By getting the socket first and returning error in case of bad socket.
+  Follow-up to 2fdc1d81.
 
-  Detected by Coverity.
+  Closes https://github.com/curl/curl/pull/10688
 
-  Closes #10423
+Daniel Stenberg (6 Mar 2023)
 
-Dan Fandrich (6 Feb 2023)
+- lib1560: fix enumerated type mixed with another type
 
-- packages: Remove Android.mk from makefile
+  Follow-up to c84c0f9aa3bb006
 
-  This was missed in commit #44141512
+  Closes #10684
 
-  Ref: #10418
+Viktor Szakats (5 Mar 2023)
 
-Daniel Stenberg (6 Feb 2023)
+- cmake: fix enabling LDAPS on Windows
 
-- curl_ws_send.3: clarify how to send multi-frame messages
+  Before this patch, enabling LDAPS required a manual C flag:
+  https://github.com/curl/curl-for-win/blob/c1cfc31cfc04f24f7a4f946564d6f0e1b4d
+  7dd36/curl-cmake.sh#L105
 
-Mike Duglas (6 Feb 2023)
+  Fix this and enable LDAPS automatically when using `wldap32` (and
+  when not explicitly disabled). This matches autotools and `Makefile.mk`
+  behavior. Also remove issue from KNOWN_BUGS.
 
-- ws: fix multiframe send handling
+  Add workaround for MSVS 2010 warning triggered by LDAPS now enabled
+  in more CI tests:
+  `ldap.c(360): warning C4306: 'type cast' : conversion from 'int' to 'void *' 
+  of greater size`
+  Ref: https://ci.appveyor.com/project/curlorg/curl/builds/46408284/job/v8mwl9y
+  fbmoeqwlr#L312
 
-  Fixes #10413
-  Closes #10420
+  Reported-by: JackBoosY on github
+  Reviewed-by: Jay Satiro
+  Reviewed-by: Marcel Raad
+  Fixes #6284
+  Closes #10674
 
-Daniel Stenberg (6 Feb 2023)
+- Makefile.mk: delete redundant `HAVE_LDAP_SSL` macro [ci skip]
 
-- unit2600: make sure numerical curl_easy_setopt sets long
+  Since abebb2b8939c6b3e0f951eb2d9ec3729b569aa2c, we set this macro for
+  all Windows `wldap32` builds using `Makefile.mk`.
 
-  Follow-up to 671158242db3203
+  For OpenLDAP builds this macro is not enough to enable LDAPS, and
+  OpenLDAP is not an option in `Makefile.mk`. For Novell LDAP it might
+  have helped, but it's also not an option anymore in `Makefile.mk`.
 
-  Reported-by: Marcel Raad
-  Fixes #10410
-  Closes #10419
+  The future for LDAPS is that we should enable it by default without
+  extra build knobs.
 
-Andy Alt (6 Feb 2023)
+  Reviewed-by: Marcel Raad
+  Closes #10681
 
-- GHA: move Slackware test into matrix
+- cmake: skip CA-path/bundle auto-detection in cross-builds
 
-  Closes #10412
+  Also remove issue from KNOWN_BUGS.
 
-Pronyushkin Petr (6 Feb 2023)
+  Reported-by: Cristian Morales Vega
+  Reviewed-by: Marcel Raad
+  Fixes #6178
+  Closes #10676
 
-- urlapi: fix part of conditional expression is always true: qlen
+Daniel Stenberg (3 Mar 2023)
 
-  Closes #10408
+- schannel: loop over the algos to pick the selected one
 
-- url: fix part of conditional expression is always true
+  Avoid using the funny macro and the extra buffer copy.
 
-  Closes #10407
+  Closes #10647
 
-Daniel Stenberg (6 Feb 2023)
+- wildcard: remove files and move functions into ftplistparser.c
 
-- RELEASE-NOTES: synced
+- ftp: allocate the wildcard struct on demand
 
-Philip Heiduck (6 Feb 2023)
+  The feature is rarely used so this frees up data for the vast majority
+  of easy handles that don't use it.
 
-- GHA/macos.yml: bump to gcc-12
+  Rename "protdata" to "ftpwc" since it is always an FTP wildcard struct
+  pointer. Made the state struct field an unsigned char to save space.
 
-  Closes #10415
+  Closes #10639
 
-Daniel Stenberg (6 Feb 2023)
+- lib1560: test parsing URLs with ridiculously large fields
 
-- packages: remove Android, update README
+  In the order of 120K.
 
-  - Nobody builds curl for Android using this anymore
-  - Refreshed the README and converted to markdown
+  Closes #10665
 
-  Reported-by: John Porter
-  Fixes #10416
-  Closes #10418
+Brad Spencer (3 Mar 2023)
 
-Kvarec Lezki (5 Feb 2023)
+- urlapi: parse IPv6 literals without ENABLE_IPV6
 
-- fopen: remove unnecessary assignment
+  This makes the URL parser API stable and working the same way
+  independently of libcurl supporting IPv6 transfers or not.
 
-  [CWE-1164] V1048: The '* tempname' variable was assigned the same value.
+  Closes #10660
 
-  Ref: https://pvs-studio.com/en/docs/warnings/v1048/
+Jan Engelhardt (3 Mar 2023)
 
-  Closes https://github.com/curl/curl/pull/10398
+- build: drop the use of XC_AMEND_DISTCLEAN
 
-Gisle Vanem (5 Feb 2023)
+  Because automake used to delete depdirs at once (.deps) and there was an issu
+  e
+  with portability, curl's XC_AMEND_DISTCLEAN greps the Makefiles in an attempt
+  to build a list of all depfiles and delete them individually instead.
 
-- libtest: add a sleep macro for Windows
+  Since commit 08849db866b44510f6b8fd49e313c91a43a3dfd3, automake switched from
+  deleting directories to individual files. curl's custom logic now finds a lot
+  more results with the grep (the filtering of these results isn't great), whic
+  h
+  causes a massive bloating of the Makefile in the order of O(n^2).
 
-  .. because sleep() is used in some libtests.
+  Also remove now-unused XC_AMEND_DISTCLEAN macro group
 
-  Closes https://github.com/curl/curl/pull/10295
+  References: https://github.com/curl/curl/issues/9843
+  References: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59288
 
-Kvarec Lezki (3 Feb 2023)
+  Reported-by: Ilmari Lauhakangas
+  Fixes #9843
+  Closes #10661
 
-- http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
+Balakrishnan Balasubramanian (3 Mar 2023)
 
-  V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> mem
-  size.
+- test1470: test socks proxy using unix sockets and connect to https
 
-  https://pvs-studio.com/en/docs/warnings/v220/
+  Similar to test1468 except using https instead of http
 
-  Closes #10400
+  Closes #10662
 
-Daniel Stenberg (3 Feb 2023)
+Daniel Stenberg (3 Mar 2023)
 
-- mailmap: Thomas1664 on github
+- test1960: verify CURL_SOCKOPT_ALREADY_CONNECTED
 
-Thomas1664 on github (3 Feb 2023)
+  When returned from the CURLOPT_SOCKOPTFUNCTION, like when we have a
+  custom socket connected in the app, passed in to libcurl.
 
-- CURLOPT_WRITEFUNCTION.3: fix memory leak in example
+  Verifies the fix in #10648
 
-  Closes #10390
+  Closes #10651
 
-Kvarec Lezki (3 Feb 2023)
+Stefan Eissing (2 Mar 2023)
 
-- doh: ifdef IPv6 code
+- tests: rename tests/tests-httpd to tests/http
 
-  For disabled IPv6 a condition (conn->ip_version != CURL_IPRESOLVE_V4) is
-  always false. https://pvs-studio.com/en/docs/warnings/v560/
+   - httpd is only one server we test with
+   - the suite coveres the HTTP protocol in general where
+     the default test cases need a more beefy environment
 
-  Closes #10397
+  Closes #10654
 
-Daniel Stenberg (3 Feb 2023)
+- socket: detect "dead" connections better, e.g. not fit for reuse
 
-- urlapi: remove pathlen assignment
+  - refs #10646 where reuse was attempted on closed connections in the
+    cache, leading to an exhaustion of retries on a transfer
+  - the mistake was that poll events like POLLHUP, POLLERR, etc
+    were regarded as "not dead".
+  - change cf-socket filter check to regard such events as inidication
+    of corpsiness.
+  - vtls filter checks: fixed interpretation of backend check result
+    when inconclusive to interrogate status further down the filter
+    chain.
 
-  "Value stored to 'pathlen' is never read"
+  Reported-by: SendSonS on github
+  Fixes #10646
+  Closes #10652
 
-  Follow-up to 804d5293f89
+- lib: give source files cf-http.* better fitting names
 
-  Reported-by: Kvarec Lezki
+  Closes #10656
 
-  Closes #10405
+- http2: fix code indent
 
-Kvarec Lezki (3 Feb 2023)
+  Closes https://github.com/curl/curl/pull/10655
 
-- http: fix "part of conditional expression is always false"
+Shankar Jadhavar (1 Mar 2023)
 
-  [CWE-570] V560: A part of conditional expression is always false: conn->bits.
-  authneg.
-  [CWE-570] V560: A part of conditional expression is always false: conn->handl
-  er->protocol & (0 | 0).
+- cf-socket: if socket is already connected, return CURLE_OK
 
-  https://pvs-studio.com/en/docs/warnings/v560/
+  In 7.87.0, if callback method for CURLOPT_SOCKOPTFUNCTION returns
+  CURL_SOCKOPT_ALREADY_CONNECTED then curl library used to return
+  CURLE_OK.  n 7.88.0, now even if callback returns
+  CURL_SOCKOPT_ALREADY_CONNECTED, curl library still tries to connect to
+  socket by invoking method do_connect().
 
-  Closes #10399
+  This is regression caused by commit
+  https://github.com/curl/curl/commit/71b7e0161032927cdfb
 
-Daniel Stenberg (2 Feb 2023)
+  Fix: Check if we are already connected and return CURLE_OK.
 
-- urlapi: skip the extra dedotdot alloc if no dot in path
+  Fixes #10626
+  Closes #10648
 
-  Saves an allocation for many/most URLs.
+Jay Satiro (1 Mar 2023)
 
-  Updates test 1395 accordingly
+- DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
 
-  Closes #10403
+  This is the existing behavior and it has been widely assumed in the
+  codebase.
 
-Stefan Eissing (2 Feb 2023)
+  Closes https://github.com/curl/curl/pull/10645
 
-- connections: introduce http/3 happy eyeballs
+Stefan Eissing (1 Mar 2023)
 
-  New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing.
-  - filter is installed when `--http3` in the tool is used (or
-    the equivalent CURLOPT_ done in the library)
-  - starts a QUIC/HTTP/3 connect right away. Should that not
-    succeed after 100ms (subject to change), a parallel attempt
-    is started for HTTP/2 and HTTP/1.1 via TCP
-  - both attempts are subject to IPv6/IPv4 eyeballing, same
-    as happens for other connections
-  - tie timeout to the ip-version HAPPY_EYEBALLS_TIMEOUT
-  - use a `soft` timeout at half the value. When the soft timeout
-    expires, the HTTPS-CONNECT filter checks if the QUIC filter
-    has received any data from the server. If not, it will start
-    the HTTP/2 attempt.
+- http2: fix upload busy loop
 
-  HTTP/3(ngtcp2) improvements.
-  - setting call_data in all cfilter calls similar to http/2 and vtls filters
-    for use in callback where no stream data is available.
-  - returning CURLE_PARTIAL_FILE for prematurely terminated transfers
-  - enabling pytest test_05 for h3
-  - shifting functionality to "connect" UDP sockets from ngtcp2
-    implementation into the udp socket cfilter. Because unconnected
-    UDP sockets are weird. For example they error when adding to a
-    pollset.
+  - Set KEEP_SEND_PAUSE when exhausting remote HTTP/2 window size of a
+    stream.
 
-  HTTP/3(quiche) improvements.
-  - fixed upload bug in quiche implementation, now passes 251 and pytest
-  - error codes on stream RESET
-  - improved debug logs
-  - handling of DRAIN during connect
-  - limiting pending event queue
+  - Clear KEEP_SEND_PAUSE when receiving HTTP/2 window updates on a paused
+    stream.
 
-  HTTP/2 cfilter improvements.
-  - use LOG_CF macros for dynamic logging in debug build
-  - fix CURLcode on RST streams to be CURLE_PARTIAL_FILE
-  - enable pytest test_05 for h2
-  - fix upload pytests and improve parallel transfer performance.
+  - Also fix http2 send compiler warnings reported in #10449.
 
-  GOAWAY handling for ngtcp2/quiche
-  - during connect, when the remote server refuses to accept new connections
-    and closes immediately (so the local conn goes into DRAIN phase), the
-    connection is torn down and a another attempt is made after a short grace
-    period.
-    This is the behaviour observed with nghttpx when we tell it to  shut
-    down gracefully. Tested in pytest test_03_02.
+  Prior to this change, starting in 71b7e016 which precedes 7.88.0,
+  libcurl may eat CPU during HTTP/2 upload.
 
-  TLS improvements
-  - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, repl
-  aces
-    copy of logic in all tls backends.
-  - standardized the infof logging of offered ALPNs
-  - ALPN negotiated: have common function for all backends that sets alpn propr
-  ty
-    and connection related things based on the negotiated protocol (or lack the
-  reof).
+  Reported-by: Jay Satiro
 
-  - new tests/tests-httpd/scorecard.py for testing h3/h2 protocol implementatio
-  n.
-    Invoke:
-      python3 tests/tests-httpd/scorecard.py --help
-    for usage.
+  Fixes https://github.com/curl/curl/issues/10449
+  Fixes https://github.com/curl/curl/issues/10618
+  Closes https://github.com/curl/curl/pull/10627
 
-  Improvements on gathering connect statistics and socket access.
-  - new CF_CTRL_CONN_REPORT_STATS cfilter control for having cfilters
-    report connection statistics. This is triggered when the connection
-    has completely connected.
-  - new void Curl_pgrsTimeWas(..) method to report a timer update with
-    a timestamp of when it happend. This allows for updating timers
-    "later", e.g. a connect statistic after full connectivity has been
-    reached.
-  - in case of HTTP eyeballing, the previous changes will update
-    statistics only from the filter chain that "won" the eyeballing.
-  - new cfilter query CF_QUERY_SOCKET for retrieving the socket used
-    by a filter chain.
-    Added methods Curl_conn_cf_get_socket() and Curl_conn_get_socket()
-    for convenient use of this query.
-  - Change VTLS backend to query their sub-filters for the socket when
-    checks during the handshake are made.
+Daniel Stenberg (1 Mar 2023)
 
-  HTTP/3 documentation on how https eyeballing works.
+- sectransp: make read_cert() use a dynbuf when loading
 
-  TLS improvements
-  - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, repl
-  aces
-    copy of logic in all tls backends.
-  - standardized the infof logging of offered ALPNs
-  - ALPN negotiated: have common function for all backends that sets alpn propr
-  ty
-    and connection related things based on the negotiated protocol (or lack the
-  reof).
+  Closes #10632
 
-  Scorecard with Caddy.
-  - configure can be run with `--with-test-caddy=path` to specify which caddy t
-  o use for testing
-  - tests/tests-httpd/scorecard.py now measures download speeds with caddy
+Jay Satiro (1 Mar 2023)
 
-  pytest improvements
-  - adding Makfile to clean gen dir
-  - adding nghttpx rundir creation on start
-  - checking httpd version 2.4.55 for test_05 cases where it is needed. Skippin
-  g with message if too old.
-  - catch exception when checking for caddy existance on system.
+- transfer: limit Windows SO_SNDBUF updates to once a second
 
-  Closes #10349
+  - Change readwrite_upload() to call win_update_buffer_size() no more
+    than once a second to update SO_SNDBUF (send buffer limit).
 
-Daniel Stenberg (2 Feb 2023)
+  Prior to this change during an upload readwrite_upload() could call
+  win_update_buffer_size() anywhere from hundreds of times per second to
+  an extreme test case of 100k per second (which is likely due to a bug,
+  see #10618). In the latter case WPA profiler showed
+  win_update_buffer_size was the highest capture count in
+  readwrite_upload. In any case the calls were excessive and unnecessary.
 
-- CODEOWNERS: remove the peeps mentioned as CI owners
+  Ref: https://github.com/curl/curl/pull/2762
 
-  These owners do not have the bandwidth/energy to do the reviews which
-  makes PRs stall and this ownership claim flawed. We can bring people
-  back when the situation is different.
+  Closes https://github.com/curl/curl/pull/10611
 
-  Follow-up to c04c78ac87c4d46737934345a
+Daniel Stenberg (28 Feb 2023)
 
-  Closes #10386
+- RELEASE-NOTES: synced
 
-Martin D'Aloia (2 Feb 2023)
+Stefan Eissing (28 Feb 2023)
 
-- write-out.d: add 'since version' to %{header_json} documentation
+- http2: fix for http2-prior-knowledge when reusing connections
 
-  The documentation of `%{header_json}` missed to mention since which
-  version this variable for `--write-out` is present.
+  - refs #10634 where errors in the HTTP/2 framing layer are observed.
+  - the bug was that on connection reuse, the code attempted to switch
+    in yet another layer of HTTP/2 handling instead of detecting that
+    this was already in place.
+  - added pytest testcase reproducing the issue.
 
-  Based on commit https://github.com/curl/curl/commit/4133a69f2daa476bb
-  we can determine from the tags were this commit is present that the
-  first version to include it was `7.83.0`.
-  This could be also checked with:
-  `git tag --contains 4133a69f2daa476bb6d902687f1dd6660ea9c3c5`
+  Reported-by: rwmjones on github
+  Fixes #10634
+  Closes #10643
 
-  Closes #10395
+- cf-socket: fix handling of remote addr for accepted tcp sockets
 
-Daniel Stenberg (1 Feb 2023)
+  - do not try to determine the remote address of a listen socket. There
+    is none.
+  - Update remote address of an accepted socket by getpeername() if
+    available.
 
-- urlapi: avoid Curl_dyn_addf() for hex outputs
+  Reported-by: Harry Sintonen
+  Fixes #10622
+  Closes #10642
 
-  Inspired by the recent fixes to escape.c, we should avoid calling
-  Curl_dyn_addf() in loops, perhaps in particular when adding something so
-  simple as %HH codes - for performance reasons. This change makes the
-  same thing for the URL parser's two URL-encoding loops.
+- http: fix unix domain socket use in https connects
 
-  Closes #10384
+  - when h2/h3 eyeballing was involved, unix domain socket
+    configurations were not honoured
+  - configuring --unix-socket will disable HTTP/3 as candidate for eyeballing
+  - combinatino of --unix-socket and --http3-only will fail during initialisati
+  on
+  - adding pytest test_11 to reproduce
 
-- urlapi: skip path checks if path is just "/"
+  Reported-by: Jelle van der Waa
+  Fixes #10633
+  Closes #10641
 
-  As a miniscule optimization, treat a path of the length 1 as the same as
-  non-existing, as it can only be a single leading slash, and that's what
-  we do for no paths as well.
+Daniel Stenberg (28 Feb 2023)
 
-  Closes #10385
+- setopt: move the CURLOPT_CHUNK_DATA pointer to the set struct
 
-Philip Heiduck (1 Feb 2023)
+  To make duphandle work etc
 
-- GHA/macos: use Xcode_14.0.1 for cmake builds
+  Closes #10635
 
-  Fixes #10356
-  Closes #10381
+Viktor Szakats (28 Feb 2023)
 
-Viktor Szakats (1 Feb 2023)
+- quic/schannel: fix compiler warnings
 
-- tls: fixes for wolfssl + openssl combo builds
+  Fixes #10603
+  Closes #10616
 
-  1. Add `USE_WOLFSSL` to the TLS backend priority list in
-     `lib/curl_ntlm_core.c`.
+Daniel Stenberg (28 Feb 2023)
 
-  2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
-     it in sync with the above list and `lib/curl_ntlm_core.c` itself.
+- page-footer: add explanation for three missing exit codes
 
-     Reported-by: Mark Roszko
-     Ref: https://github.com/curl/curl/issues/10321
+  Added in 7.73.0, 7.77.0 and 7.84.0
 
-  3. Allow enabling both wolfSSL and OpenSSL at the same time in
-     `lib/Makefile.mk` bringing this in line with cmake/autotools builds.
-     Update logic to select the crypto-specific lib for `ngtcp2`, which
-     supports a single TLS backend at the same time.
+  Closes #10630
 
-  Closes #10322
+積丹尼 Dan Jacobson (28 Feb 2023)
 
-Daniel Stenberg (1 Feb 2023)
+- rate.c: single URLs make no sense in --rate example
 
-- RELEASE-NOTES: synced
+  Here somehow you need to put more than one URL in these examples, else
+  they will make no sense, as --rate only affects the second and beyond
+  URLs. The first URL will always finish the same time no matter what
+  --rate is given.
 
-- docs/INSTALL: document how to use multiple TLS backends
+  Closes #10638
 
-  And document how OpenSSL forks and wolfSSL cannot be used at the same
-  time.
+Daniel Stenberg (28 Feb 2023)
 
-  Reported-by: Mark Roszko
-  Fixes #10321
-  Closes #10382
+- libcurl-errors.3: add the CURLHcode errors from curl_easy_header.3
 
-Kvarec Lezki (1 Feb 2023)
+  Closes #10629
 
-- cookies: fp is always not NULL
+- mqtt: on send error, return error
 
-  Closes #10383
+  Reported-by: Maciej Domanski
 
-Daniel Stenberg (31 Jan 2023)
+  Closes #10623
 
-- escape: use table lookup when adding %-codes to output
+- ws: keep the socket non-blocking
 
-  On my dev host, this code runs 7.8 times faster.
+  Reported-by: marski on github
+  Fixes #10615
+  Closes #10625
 
-  Closes #10377
+- hostip: avoid sscanf and extra buffer copies
 
-- unit2600: avoid error: ‘TEST_CASES’ defined but not used
+  Also made create_hostcache_id() return the id length.
 
-  Follow-up to d55de24dce9d51
+  Closes #10601
 
-  Closes #10379
+- PARALLEL-TRANSFERS.md: not "early days" for this anymore
 
-- escape: hex decode with a lookup-table
+  Refresh the language as the support is now over three years old
 
-  Makes the decoding 2.8 times faster in my tests.
+  Closes #10624
 
-  Closes #10376
+- easy: remove infof() debug leftover from curl_easy_recv
 
-- cf-socket: fix build error wo TCP_FASTOPEN_CONNECT
+  It said "reached [path]/easy.c:1231"
 
-  Follow-up to 5651a36d1a
+  Closes #10628
 
-  Closes #10378
+- idn: return error if the conversion ends up with a blank host
 
-  Reviewed-by: Stefan Eissing
+  Some IDN sequences are converted into "" (nothing), which can make this
+  function end up with a zero length host name and we cannot consider that
+  a valid host to continue with.
 
-Stefan Eissing (31 Jan 2023)
+  Reported-by: Maciej Domanski
+  Closes #10617
 
-- CI: add pytest github workflow to CI test/tests-httpd on a HTTP/3 setup
+- examples/http3.c: use CURL_HTTP_VERSION_3
 
-  Closes #10317
+  and update the comment
 
-- connect: fix strategy testing for attempts, timeouts and happy-eyeball
+  Closes #10619
 
-  - add test2600 as a unit test that triggers various connect conditions
-    and monitors behaviour, available in a debug build only.
+- x509asn1.c: use correct format specifier for infof() call
 
-  - this exposed edge cases in connect.c that have been fixed
+  Detected by Coverity
 
-  Closes #10312
+  Closes #10614
 
-- cf-socket: improvements in socket I/O handling
+- Revert "GHA: add Microsoft C++ Code Analysis"
 
-  - Curl_write_plain/Curl_read_plain have been eliminated. Last code use
-    now uses Curl_conn_send/recv so that requests use conn->send/revc
-    callbacks which defaults to cfilters use.
-  - Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c.
-  - USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved
-    into cf-socket.c. The pre_recv buffer is held at the socket filter
-    context.  `postponed_data` structures have been removed from
-    `connectdata`.
-  - the hanger in HTTP/2 request handling was a result of read buffering
-    on all sends and the multi handling is not prepared for this. The
-    following happens:
+  This reverts commit e0db842b2a082dffad4a9fbe31321e9a75c74041.
 
-     - multi preforms on a HTTP/2 easy handle
-     - h2 reads and processes data
-     - this leads to a send of h2 data
-     - which receives and buffers before the send
-     - h2 returns
-     - multi selects on the socket, but no data arrives (its in the buffer alre
-  ady)
-     the workaround now receives data in a loop as long as there is something i
-  n
-     the buffer. The real fix would be for multi to change, so that `data_pendi
-  ng`
-     is evaluated before deciding to wait on the socket.
+  This tool seems very restricted in how often it might be used by a
+  project and thus very quickly start to report fails simply because it
+  refuses to run when "there are more runs than allowed".
 
-  io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower
-  filter have pending data.
+  Closes #10613
 
-  This io_buffer is only available/used when the
-  -DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows
-  configurations. It also maintains the original checks on protocol
-  handler being HTTP and conn->send/recv not being replaced.
+Patrick Monnerat (25 Feb 2023)
 
-  The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds
-  out that the "lower" filter chain has still pending data at the end of
-  its IO operation. This prevents the processing from becoming stalled.
+- tests: test secure mail protocols with explicit SSL requests
 
-  Closes #10280
+  New tests 987, 988 and 989, disabled for rustls (hanging).
 
-Daniel Stenberg (31 Jan 2023)
+  Closes #10077
 
-- openssl: only use CA_BLOB if verifying peer
+- tests: support for imaps/pop3s/smtps protocols
 
-  Reported-by: Paul Groke
-  Bug: https://curl.se/mail/lib-2023-01/0070.html
-  Fixes #10351
-  Closes #10359
+  Closes #10077
 
-Thomas1664 on github (31 Jan 2023)
+- runtests: use a hash table for server port numbers
 
-- curl_free.3: fix return type of `curl_free`
+  Closes #10077
 
-  Fixes #10373
-  Closes #10374
+Andy Alt (25 Feb 2023)
 
-Daniel Stenberg (30 Jan 2023)
+- INTERNALS.md: grammar
 
-- zuul: stop using this CI service
+  Closes #10607
 
-  The important jobs have already transitioned. The remaining ones we can
-  skip for now.
+Daniel Stenberg (25 Feb 2023)
 
-  Closes #10368
+- RELEASE-NOTES: synced
 
-- copyright: remove "m4/ax_compile_check_sizeof.m4" from skips
+Philip Heiduck (25 Feb 2023)
 
-  and report if skipped files do not exist.
+- .cirrus.yml: Bump to FreeBSD 13.2
 
-  Follow-up to 9e11c2791fb960758 which removed the file.
+  Closes #10270
 
-  Closes #10369
+- ngtcp2-gnutls.yml: bump to gnutls 3.8.0
 
-- ws: unstick connect-only shutdown
+  Closes #10507
 
-  As this mode uses blocking sockets, it must set them back to
-  non-blocking in disconnect to avoid the risk of getting stuck.
+- CI: update ngtcp2 and nghttp2 for pytest
 
-  Closes #10366
+  Follow-up: https://github.com/curl/curl/commit/5c9ee8cef4b351a085b440f8178500
+  124647f8e6
 
-- ws: remove bad assert
+  Closes #10508
 
-  Reported-by: Stanley Wucw
-  Fixes #10347
-  Closes #10366
+Andy Alt (25 Feb 2023)
 
-- openssl: adapt to boringssl's error code type
+- GHA: use same flags for Slackbuild as Slack package
 
-  BoringSSL uses uint32_t, OpenSSL uses 'unsigned 'long'
+  Closes #10526
 
-  Closes #10360
+Daniel Stenberg (24 Feb 2023)
 
-- tool_operate: repair --rate
+- rtsp: avoid sscanf for parsing
 
-  Regression from a55256cfb242 (7.87.0)
-  Reported-by: highmtworks on github
-  Fixes #10357
-  Closes #10358
+  Closes #10605
 
-- dict: URL decode the entire path always
+- http_proxy: parse the status line without sscanf
 
-  Reported-by: dekerser on github
-  Fixes #10298
-  Closes #10354
+  Closes #10602
 
-Stefan Eissing (29 Jan 2023)
+- telnet: error correctly for WS set to "x[num]"
 
-- vtls: do not null-check when we already assume cf-ctx exists
+  Follow-up to e4f93be9d587
+  Reported-by: Harry Sintonen
+  Closes #10606
 
-  Fixes #10361
-  Closes #10362
+- krb5: avoid sscanf for parsing
 
-Daniel Stenberg (29 Jan 2023)
+  Closes #10599
 
-- RELEASE-NOTES: synced
+- misc: remove support for curl_off_t < 8 bytes
 
-- CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
+  Closes #10597
 
-  Reported-by: Brian Green
-  Fixes #10328
-  Closes #10355
+- telnet: parse NEW_ENVIRON without sscanf
 
-- copyright.pl: cease doing year verifications
+  Closes #10596
 
-  As we have (mostly) removed the copyright year ranges.
+- telnet: parse the WS= argument without sscanf
 
-  Reported-by: Ryan Schmidt
-  Fixes #10345
-  Closes #10352
+  Closes #10596
 
-Dan Fandrich (28 Jan 2023)
+- telnet: parse telnet options without sscanf
 
-- CI: Work around a labeler bug that removes labels
+  Closes #10596
 
-Jay Satiro (26 Jan 2023)
+- ftp: replace sscanf for MDTM 213 response parsing
 
-- write-out.d: clarify Windows % symbol escaping
+  Closes #10590
 
-  - Clarify that in Windows batch files the % must be escaped as %%, and
-    at the command prompt it cannot be escaped which could lead to
-    incorrect expansion.
+- ftp: replace sscanf for PASV parsing
 
-  Prior to this change the doc implied % must be escaped as %% in win32
-  always.
+  Closes #10590
 
-  ---
+- ftp: make the EPSV response parser not use sscanf
 
-  Examples showing how a write-out argument is received by curl:
+  Closes #10590
 
-  If curl --write-out "%{http_code}" is executed in a batch file:
-  {http_code}
+Stefan Eissing (24 Feb 2023)
 
-  If curl --write-out "%%{http_code}" is executed in a batch file:
-  %{http_code}
+- ngtcp2: fix unwanted close of file descriptor 0
 
-  If curl --write-out "%{http_code}" is executed from the command prompt:
-  %{http_code}
+  ... causing macOS to hand out 0 as next socket handle and failing on
+  further operations.
 
-  If curl --write-out "%%{http_code}" is executed from the command prompt:
-  %%{http_code}
+  Reported-by: Sergey Fionov
+  Fixes #10593
+  Closes #10595
 
-  At the command prompt something like "%{speed_download}%{http_code}"
-  would first be parsed by the command interpreter as %{speed_download}%
-  and would be expanded as environment variable {speed_download} if it
-  existed, though that's highly unlikely since Windows environment names
-  don't use braces.
+Daniel Stenberg (23 Feb 2023)
 
-  ---
+- select: stop treating POLLRDBAND as an error
 
-  Reported-by: Muhammad Hussein Ammari
+  POLLRDBAND does not seem to be an general error and on Windows the value
+  for POLLIN is 768 and the value for POLLRDBAND is 512.
 
-  Ref: https://github.com/bagder/everything-curl/pull/279
+  Fixes #10501
+  Reported-by: opensslonzos-github on github
+  Closes #10592
 
-  Fixes https://github.com/curl/curl/issues/10323
-  Closes https://github.com/curl/curl/pull/10337
+- test978: mark file as text mode
 
-Ryan Schmidt (26 Jan 2023)
+  Follow-up to 4ea5702980cb
 
-- connect: Fix build when not ENABLE_IPV6
+  To fix test failures on Windows
 
-  Check for ENABLE_IPV6 before accessing AF_INET6. Fixes build failure
-  introduced in 1c5d8ac.
+  Closes #10594
 
-  Closes https://github.com/curl/curl/pull/10344
+- http: rewrite the status line parser without sscanf
 
-- cf-socket: Fix build when not HAVE_GETPEERNAME
+  Closes #10585
 
-  Remove remaining references to conn and sockfd, which were removed from
-  the function signature when conninfo_remote was renamed to
-  conn_set_primary_ip in 6a8d7ef.
+- test978: verify that --stderr works for -w's stderr as well
 
-  Closes https://github.com/curl/curl/pull/10343
+Jay Satiro (23 Feb 2023)
 
-Stefan Eissing (26 Jan 2023)
+- curl: make -w's %{stderr} use the file set with --stderr
 
-- vtls: Manage current easy handle in nested cfilter calls
+  Reported-by: u20221022 on github
+  Fixes #10491
+  Closes #10569
 
-  The previous implementation cleared `data` so the outer invocation lost
-  its data, which could lead to a crash.
+- winbuild: fix makefile clean
 
-  Bug: https://github.com/curl/curl/issues/10336
-  Reported-by: Fujii Hironori
+  - Fix and move 'clean' code that removes the output and obj directories
+    trees from MakefileBuild.vc to Makefile.vc.
 
-  Closes https://github.com/curl/curl/pull/10340
+  Prior to this change the 'clean' code did not work right because the
+  variables containing the directory names were not fully initialized and
+  the rmdir syntax was sometimes incorrect (typos). DIRDIST for example
+  was set to ..\builds\ and not ..\builds\$(CONFIG_NAME_LIB)\ so it would
+  remove the former and not the latter. If WITH_PREFIX was set then that
+  directory was removed instead.
 
-Dan Fandrich (25 Jan 2023)
+  Also, DIRDIST (the output directory) even if initialized should not be
+  removed by MakefileBuild.vc because by that time it could be set to a
+  user directory that may contain other files if WITH_PREFIX is set (eg we
+  don't want rmdir /s /q C:\usr\local). Therefore we remove from
+  Makefile.vc before any of that happens. I added a comment in both
+  makefiles explaining this.
 
-- CI: Add even more paths to the labeler config (#10326)
+  Closes https://github.com/curl/curl/pull/10576
 
-- scripts: Fix Appveyor job detection in cijobs.pl
+- sectransp: fix compiler warning c89 mixed code/declaration
 
-  The reorganization in #9769 broke the script. This should probably be
-  rewritten to use a YAML parser for better upward compatibility.
+  Since cbf57176 the Cirrus CI 'macOS arm64 SecureTransport http2' has
+  been failing due to c89 warnings mixed code/declaration. That commit is
+  not the cause so I assume something has changed in the CI outside of our
+  configuration. Anyway, we don't mix code/declaration so this is the fix
+  for that.
 
-- CI: Add a few more paths to the labeler config (#10326)
+  Closes https://github.com/curl/curl/pull/10574
 
-- CI: Switch the labeler event to pull_request_target
+Philipp Engel (22 Feb 2023)
 
-  Otherwise, the action won't work on PRs from forked repositories
-  (#10326).
+- BINDINGS: add Fortran binding
 
-Viktor Szakats (25 Jan 2023)
+  Closes #10589
 
-- cmake: delete redundant macro definition `SECURITY_WIN32`
+Stefan Eissing (22 Feb 2023)
 
-  Stop explicitly defining `SECURITY_WIN32` in CMake builds.
+- test2600: detect when ALARM_TIMEOUT is in use and adjust
 
-  No other build systems define this macro, because it's unconditionally
-  defined in `lib/curl_sspi.h` already. This is the only curl source using
-  the `sspi.h` and `security.h` Win32 headers, and no other Win32 headers
-  need this macro.
+  - use higher timeout values > 1s
+  - skip duration checks
 
-  Reviewed-by: Jay Satiro
-  Closes #10341
+  Assisted-by: Marcel Raad
+  Closes #10513
 
-Fredrik (24 Jan 2023)
+Daniel Stenberg (22 Feb 2023)
 
-- winbuild: document that arm64 is supported
+- RELEASE-NOTES: synced
 
-  Building an arm64 version works flawlessly with the VS arm64 toolset.
+- test686: verify return code for no URL after --next
 
-  Closes https://github.com/curl/curl/pull/10332
+- tool_operate: propagate error codes for missing URL after --next
 
-Cherish98 (24 Jan 2023)
+  Fixes #10558
+  Reported-by: u20221022 on github
+  Closes #10580
 
-- openssl: don't log raw record headers
+- test1278: verify that an extra --no-remote-name cause no warning
 
-  - Skip content type SSL3_RT_HEADER in verbose TLS output.
+- tool_getparam: don't add a new node for just --no-remote-name
 
-  This commit prevents bogus and misleading verbose TLS header messages as
-  discussed in #10299.
+  Unless --remote-name-all is used.
 
-  Assisted-by: Peter Wu
+  Fixes #10564
+  Reported-by: u20221022 on github
+  Closes #10582
 
-  Closes https://github.com/curl/curl/pull/10299
+- gen.pl: add '%GLOBALS' as a variable for mainpage
 
-Marc Aldorasi (24 Jan 2023)
+  And use it in page-header to list all global command line options.
 
-- cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
+- docs/cmdline-opts: mark all global options
 
-  - Use list() instead of set() for CMAKE_REQUIRED_DEFINITIONS list since
-    the former is clearer.
+  gen.pl now outputs a generic explanations for them for each option
 
-  Closes https://github.com/curl/curl/pull/10272
+  Fixes #10566
+  Reported-by: u20221022 on github
+  Closes #10584
 
-Dan Fandrich (23 Jan 2023)
+- GHA: add Microsoft C++ Code Analysis
 
-- CI: Add a workflow to automatically label pull requests
+  Closes #10583
 
-  The labeler language is quite restrictive right now so labels are added
-  quite conservatively, meaning that many PRs won't get labels when it's
-  "obvious" they should. It will still save some manual work on those
-  that it can label.
+- tool_progress: shut off progress meter for --silent in parallel
 
-Jay Satiro (21 Jan 2023)
+  Reported-by: finkjsc on github
+  Fixes #10573
+  Closes #10579
 
-- system.h: assume OS400 is always built with ILEC compiler
+- lib1560: add a test using %25 in the userinfo in a URL
 
-  Prior to this change the OS400 types were only defined when __ILEC400__.
-  That symbol is only defined by IBM's C compiler and not their C++
-  compiler, which led to missing types when users on OS400 would compile a
-  C++ application that included curl.
+  Closes #10578
 
-  The IBM C and C++ compilers are the only native compilers on the
-  platform.
+Stefan Eissing (21 Feb 2023)
 
-  Assisted-by: Jon Rumsey
-  Reported-by: John Sherrill
+- CURLOPT_PIPEWAIT: allow waited reuse also for subsequent connections
 
-  Fixes https://github.com/curl/curl/issues/10305
-  Closes https://github.com/curl/curl/pull/10329
+  As tested in test_02_07, when firing off 200 urls with --parallel, 199
+  wait for the first connection to be established. if that is multiuse,
+  urls are added up to its capacity.
 
-xgladius (20 Jan 2023)
+  The first url over capacity opens another connection. But subsequent
+  urls found the same situation and open a connection too. They should
+  have waited for the second connection to actually connect and make its
+  capacity known.
 
-- cmake: Remove deprecated symbols check
+  This change fixes that by
 
-  curl stopped use of CMAKE_USE_ as a prefix for its own build symbols in
-  2021 and added a check, meant to last 1 year, to fatally error on those
-  symbols. This commit removes that check.
+  - setting `connkeep()` early in the HTTP setup handler. as otherwise
+    a new connection is marked as closeit by default and not considered
+    for multiuse at all
+  - checking the "connected" status for a candidate always and continuing
+    to PIPEWAIT if no alternative is found.
 
-  Closes https://github.com/curl/curl/pull/10314
+  pytest:
+  - removed "skip" from test_02_07
+  - added test_02_07b to check that http/1.1 continues to work as before
 
-Dan Fandrich (20 Jan 2023)
+  Closes #10456
 
-- docs: POSTFIELDSIZE must be set to -1 with read function
+Daniel Stenberg (21 Feb 2023)
 
-  Reported-by: RanBarLavie on github
+- test419: verify --dump-header to file that cannot be created
 
-  Closes #10313
+  Closes #10571
 
-Stefan Eissing (20 Jan 2023)
-
-- vtls: fix hostname handling in filters
-
-  - Copy the hostname and dispname to ssl_connect_data.
-
-  Use a copy instead of referencing the `connectdata` instance since this
-  may get free'ed on connection reuse.
+- tool_operate: avoid fclose(NULL) on bad header dump file
 
-  Reported-by: Stefan Talpalaru
-  Reported-by: sergio-nsk@users.noreply.github.com
+  Fixes #10570
+  Reported-by: Jérémy Rabasco
+  Closes #10571
 
-  Fixes https://github.com/curl/curl/issues/10273
-  Fixes https://github.com/curl/curl/issues/10309
+- RELEASE-NOTES: synced
 
-  Closes https://github.com/curl/curl/pull/10310
+  Starting the journey towards 8.0.0
 
-Sergey Bronnikov (17 Jan 2023)
+- cookie: parse without sscanf()
 
-- lib: fix typos
+  Saves us from using 2*4096 bytes buffers on stack, the extra copies and
+  more.
 
-  Closes https://github.com/curl/curl/pull/10307
+  Closes #10550
 
-- curl_version_info.3: fix typo
+- lib517: verify time stamps without leading zeroes plus some more
 
-  Closes https://github.com/curl/curl/pull/10306
+- parsedate: replace sscanf( for time stamp parsing
 
-Jay Satiro (17 Jan 2023)
+  Closes #10547
 
-- openssl: Don't ignore CA paths when using Windows CA store (redux)
+- parsedate: parse strings without using sscanf()
 
-  .. and remove 'experimental' designation from CURLSSLOPT_NATIVE_CA.
+  - sscanf is slow and complex, avoid it
+  - give up already if the string is 12 bytes or longer as no valid string
+    can be that long
+  - this can now be done without copy
 
-  This commit restores the behavior of CURLSSLOPT_NATIVE_CA so that it
-  does not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded
-  default locations. Instead the native Windows CA store can be used at
-  the same time.
+  Closes #10547
 
-  ---
+Matt Jolly (20 Feb 2023)
 
-  This behavior was originally added over two years ago in abbc5d60
-  (#5585) but then 83393b1a (#7892) broke it over a year ago, I assume
-  inadvertently.
+- tests: HTTP server fixups
 
-  The CURLSSLOPT_NATIVE_CA feature was marked experimental and likely
-  rarely used.
+  - httpserver.pl -> http-server.pl for consistency
+  - add http3-server.pl to EXTRA_DIST; alphabetise for maintainability
+  - nghttpx proxy invocation scripts should not use getcwd
 
-  Ref: https://github.com/curl/curl/pull/5585
-  Ref: https://github.com/curl/curl/pull/7892
-  Ref: https://curl.se/mail/lib-2023-01/0019.html
+  Closes #10568
 
-  Closes https://github.com/curl/curl/pull/10244
+Version 7.88.1 (20 Feb 2023)
 
-Daniel Stenberg (13 Jan 2023)
+Daniel Stenberg (20 Feb 2023)
 
 - RELEASE-NOTES: synced
 
-- ws: fix autoping handling
+  7.88.1 release
 
-  Reported-by: Alexey Savchuk
-  Fixes #10289
-  Closes #10294
+- THANKS: add contributors from 7.88.1
 
-- curl_log: avoid printf() format checking with mingw
+- socketpair: allow EWOULDBLOCK when reading the pair check bytes
 
-  Since it does not seem to like %zu and more
+  Reported-by: Gunamoi Software
+  Co-authored-by: Jay Satiro
+  Fixes #10561
+  Closes #10562
 
-  Follow-up to db91dbbf2
+Jay Satiro (18 Feb 2023)
 
-  Fixes #10291
-  Closes #10292
+- tool_operate: fix scanbuild compiler warning
 
-- tool_getparam: fix compiler warning when !HAVE_WRITABLE_ARGV
+  Prior to this change Azure CI scanbuild warned of a potential NULL
+  pointer string passed to strtol when CURLDEBUG enabled, even though the
+  way the code was written it wouldn't have happened.
 
-  Follow-up to 2ed0e1f70ee176edf3d2
+  Bug: https://github.com/curl/curl/commit/5479d991#r101159711
+  Reported-by: Marcel Raad
 
-  Closes #10286
+  Closes https://github.com/curl/curl/pull/10559
 
-Stefan Eissing (12 Jan 2023)
+- curl_setup: Suppress OpenSSL 3 deprecation warnings
 
-- openssl: make the BIO_METHOD a local variable in the connection filter
+  - Define OPENSSL_SUPPRESS_DEPRECATED.
 
-  This avoids UAF issues when `curl_global_cleanup()` is called before all
-  transfers have been completely handled. Unfortunately this seems to be a
-  more common pattern than we like.
+  OpenSSL 3 has deprecated some of the functions libcurl uses such as
+  those with DES, MD5 and ENGINE prefix. We don't have replacements for
+  those functions so the warnings were disabled in autotools and cmake
+  builds, but still showed in other builds.
 
-  Closes #10285
+  Closes https://github.com/curl/curl/pull/10543
 
-Daniel Stenberg (12 Jan 2023)
+- build-openssl.bat: keep OpenSSL 3 engine binaries
 
-- curl: output warning at --verbose output for debug-enabled version
+  Prior to this change copying the OpenSSL 3 engine binaries failed
+  because 'engines-1_1' (OpenSSL 1.1.x folder name) was erroneously used
+  instead of 'engines-3'. The OpenSSL 3 builds would complete successfully
+  but without the engine binaries.
 
-  + a libcurl warning in the debug output
+  Closes https://github.com/curl/curl/pull/10542
 
-  Assisted-by: Jay Satiro
+ALittleDruid (18 Feb 2023)
 
-  Ref: https://curl.se/mail/lib-2023-01/0039.html
-  Closes #10278
+- cmake: fix Windows check for CryptAcquireContext
 
-- src: add --http3-only
+  Check for CryptAcquireContext in windows.h and wincrypt.h only, since
+  otherwise this check may fail due to third party headers not found.
 
-  Warning: --http3 and --http3-only are subject to change again (or be
-  removed) before HTTP/3 support goes non-experimental.
+  Closes https://github.com/curl/curl/pull/10353
 
-  Closes #10264
+Daniel Stenberg (19 Feb 2023)
 
-- curl.h: add CURL_HTTP_VERSION_3ONLY
+- remote-header-name.d: mention that filename* is not supported
 
-  As the previous CURL_HTTP_VERSION_3 option gets a slightly altered meaning.
+  and that you can use --clobber to allow overwriting.
 
-  Closes #10264
+  Ref: #10533
+  Closes #10555
 
-- connect: fix access of pointer before NULL check
+  Co-authored-by: Jay Satiro <raysatiro@yahoo.com>
 
-  Detected by Coverity CID 1518992
+Pierrick Charron (18 Feb 2023)
 
-  Closes #10284
+- CURLOPT_WS_OPTIONS.3: fix the availability version
 
-Daniel Gustafsson (12 Jan 2023)
+  Closes #10557
 
-- easyoptions: Fix header printing in generation script
+Jacob Hoffman-Andrews (18 Feb 2023)
 
-  The optiontable.pl script prints the header comment when generating
-  easyoptions.c, but it wasn't escaping all characters which jumbled the
-  curl ascii logo.  Fix by escaping.
+- GHA: update rustls dependency to 0.9.2
 
-  Cloes #10275
+  This allows re-enabling test 312 for the rustls backend.
 
-Harry Sintonen (12 Jan 2023)
+  Closes #10553
 
-- tool_getparam: fix hiding of command line secrets
+Philip Heiduck (18 Feb 2023)
 
-  Closes #10276
+- HTTP3.md: update git branches
 
-Stefan Eissing (12 Jan 2023)
+  Closes #10554
 
-- tests: document the cfilter debug logging options
+Stefan Eissing (17 Feb 2023)
 
-  Closes #10283
+- urldata: remove `now` from struct SingleRequest - not needed
 
-- curl_log: for failf/infof and debug logging implementations
+  Closes #10549
 
-   - new functions and macros for cfilter debugging
-   - set CURL_DEBUG with names of cfilters where debug logging should be
-     enabled
-   - use GNUC __attribute__ to enable printf format checks during compile
+Daniel Stenberg (17 Feb 2023)
 
-  Closes #10271
+- lib1560: add IPv6 canonicalization tests
 
-Daniel Stenberg (10 Jan 2023)
+  Closes #10552
 
 - RELEASE-NOTES: synced
 
-Nick Banks (10 Jan 2023)
+- urlapi: do the port number extraction without using sscanf()
 
-- msh3: update to v0.6
+  - sscanf() is rather complex and slow, strchr() much simpler
 
-  Closes #10192
+  - the port number function does not need to fully verify the IPv6 address
+    anyway as it is done later in the hostname_check() function and doing
+    it twice is unnecessary.
 
-Stefan Eissing (10 Jan 2023)
+  Closes #10541
 
-- ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
+Stefan Eissing (17 Feb 2023)
 
-  Using common method for SSL_CTX initialization of verfiy peer and CA
-  settings. This also provides X509_STORE sharing to become available for
-  ngtcp2+openssl HTTP/3.
+- setopt: allow HTTP3 when HTTP2 is not defined
 
-  Reported-by: violetlige on github
+  Reported-by: Karthikdasari0423 on github
+  Fixes #10538
+  Closes #10544
 
-  Fixes #10222
-  Closes #10239
+Jon Rumsey (17 Feb 2023)
 
-Daniel Stenberg (10 Jan 2023)
+- os400: correct Curl_os400_sendto()
 
-- cf-socket: make infof() call use %zu for size_t output
+  Add const qualifier to 5th argument of Curl_os400_sendto()
 
-  Detected by Coverity CID 1518986 and CID 1518984
+  Make OS400 wrapper for sendto match the normal prototype of sendto()
+  with a const qualifier.
 
-  Closes #10268
+  Fixes #10539
+  Closes #10548
 
-Jon Rumsey (10 Jan 2023)
+Stefan Eissing (17 Feb 2023)
 
-- os400: fixes to make-lib.sh and initscript.sh
+- tests-httpd: add proxy tests
 
-  Adjust how exports list is generated from header files to account for
-  declarations across multiple lines and CURL_DEPRECATED(...) tags.
+  for direct and tunneling checks on http: and https:
 
-  Update initscript.sh
+  Closes #10519
 
-  Specify qadrt_use_inline to prevent unistd.h in ASCII runtime defining
-  close(a) -> close_a(a)
+Daniel Stenberg (17 Feb 2023)
 
-  Fixes #10266
-  Closes #10267
+- curl: make --silent work stand-alone
 
-Stefan Eissing (9 Jan 2023)
+  - renamed the struct field to 'silent' to match the cmdline option
+  - make --show-error toggle independently of --silent
+  - make --silent independent of ->noprogress as well
 
-- tests-httpd: basic infra to run curl against an apache httpd plus nghttpx for
-   h3
+  By doing this, the three options --silent, --no-progress-meter and
+  --show-error should work independently of each other and also work with
+  and without '--no-' prefix as documented.
 
-  - adding '--with-test-httpd=<path>' to configure non-standard apache2
-    install
-  - python env and base classes for running httpd
-  - basic tests for connectivity with h1/h2/h3
-  - adding test cases for truncated responses in http versions.
-  - adding goaway test for HTTP/3.
-  - adding "stuttering" tests with parallel downloads in chunks with
-    varying delays between chunks.
+  Reported-by: u20221022 on github
+  Fixes #10535
+  Closes #10536
 
-  - adding a curltest module to the httpd server, adding GOAWAY test.
-      - mod_curltest now installs 2 handlers
-        - 'echo': writing as response body what came as request body
-        - 'tweak': with query parameters to tweak response behaviour
-  - marked known fails as skip for now
+- socks: allow using DoH to resolve host names
 
-  Closes #10175
+  For SOCKS modes where a local host resolve is done.
 
-- quic: improve connect error message, debugging info, fix false connect report
+  It was previously disabled in 12d655d4561, but a few local tests seem to
+  indicate that it works fine. Works now because of the SOCKS refactor of
+  4a4b63daaa01ef59 that made it non-blocking.
 
-  - ECONNECTREFUSED has not its own fail message in quic filters
-  - Debug logging in connect eyballing improved
-  - Fix bug in ngtcp2/quiche that could lead to false success reporting.
+  Reported-by: roughtex on github
+  Fixes #10537
+  Closes #10540
 
-  Reported-by: Divy Le Ray
+Stefan Eissing (17 Feb 2023)
 
-  Fixes #10245
-  Closes #10248
+- test: add test for HTTP/2 corruption as reported in #10525
 
-- quiche: fix build without any HTTP/2 implementation
+  - adding test_02_20 for reproducing the situation
+  - using recently released mod_h2 Apache module
+  - skipping test if an older version is installed
+  - adding installation of current mod_h2 to github pytest workflow
 
-  Fixes #10260
-  Closes #10263
+  This reproduces the error reliable (for me) on the lib/http2.c version
+  of curl 7.88.0. And passes with the recent curl master.
 
-Daniel Stenberg (9 Jan 2023)
+  Closes #10534
 
-- .github/workflows/linux.yml: add a quiche CI job
+Daniel Stenberg (16 Feb 2023)
 
-  Move over from zuul
+- tool_operate: allow debug builds to set buffersize
 
-  Closes #10241
+  Using the CURL_BUFFERSIZE environment variable.
 
-- curl.h: allow up to 10M buffer size
+  Closes #10532
 
-  Bump the limit from 512K. There might be reasons for applications using
-  h3 to set larger buffers and there is no strong reason for curl to have
-  a very small maximum.
+Stefan Eissing (16 Feb 2023)
 
-  Ref: https://curl.se/mail/lib-2023-01/0026.html
+- connnect: fix timeout handling to use full duration
 
-  Closes #10256
+  - connect timeout was used at half the configured value, if the
+    destination had 1 ip version 4 and other version 6 addresses
+    (or the other way around)
+  - extended test2600 to reproduce these cases
 
-Tatsuhiro Tsujikawa (8 Jan 2023)
+  Reported-by: Michael Kaufmann
+  Fixes #10514
+  Closes #10517
 
-- GHA: use designated ngtcp2 and its dependencies versions
+Daniel Stenberg (16 Feb 2023)
 
-  Designate ngtcp2 and its dependency versions so that the CI build does
-  not fail without our control.
+- tool_getparam: make --get a true boolean
 
-  Closes #10257
+  To match how it is documented in the man page.
 
-Daniel Stenberg (8 Jan 2023)
+  Fixes #10527
+  Reported-by: u20221022 on github
+  Closes #10531
 
-- docs/cmdline-opts/hsts.d: explain hsts more
+Harry Sintonen (16 Feb 2023)
 
-  Closes #10258
+- http:: include stdint.h more readily
 
-Stefan Eissing (8 Jan 2023)
+  Closes #10516
 
-- msh3: run again in its cfilter
+Stefan Eissing (16 Feb 2023)
 
-  - test 2500, single GET works
-  - test 2501, single POST stalls
-  - test 2502, multiple, sequential GETs each use a new connection since
-    MsH3ConnectionGetState(qconn) no longer reports CONNECTED after one
-    GET.
+- tests: make the telnet server shut down a socket gracefully
 
-  Closes #10204
+  - test 1452 failed occasionally with ECONNRESET errnos in curl when the
+    server closed the connection in an unclean state.
 
-Jay Satiro (8 Jan 2023)
+  Closes #10509
 
-- sendf: fix build for Linux TCP fastopen
+Harry Sintonen (16 Feb 2023)
 
-  - Fix the remote addr struct dereference.
+- http2: set drain on stream end
 
-  - Include cf-socket.h in urldata.h.
+  Ensure that on_frame_recv() stream end will trigger a read if there is
+  pending data. Without this it could happen that the pending data is
+  never consumed.
 
-  Follow-up to 6a8d7ef9 which changed conn->ipaddr (Curl_addrinfo* )
-  member to conn->remote_addr (Curl_sockaddr_ex *) several days ago.
+  This combined with https://github.com/curl/curl/pull/10529 should fix
+  https://github.com/curl/curl/issues/10525
 
-  Reported-by: Stephan Guilloux
+  Ref: https://github.com/curl/curl/issues/10525
+  Closes #10530
 
-  Fixes https://github.com/curl/curl/issues/10249
-  Closes https://github.com/curl/curl/pull/10250
+Stefan Eissing (16 Feb 2023)
 
-Daniel Stenberg (7 Jan 2023)
+- http2: buffer/pausedata and output flush fix.
 
-- RELEASE-NOTES: synced
+   * do not process pending input data when copying pausedata to the
+     caller
+   * return CURLE_AGAIN if the output buffer could not be completely
+     written out.
 
-- setopt: move the SHA256 opt within #ifdef libssh2
+  Ref: #10525
+  Closes #10529
 
-  Because only the libssh2 backend not supports it and thus this should
-  return error if this option is used other backends.
+Marcel Raad (16 Feb 2023)
 
-  Reported-by: Harry Sintonen
+- krb5: silence cast-align warning
 
-  Closes #10255
+  Add an intermediate cast to `void *`, as done everywhere else when
+  casting from `sockaddr *` to `sockaddr_in *`.
 
-Patrick Monnerat (7 Jan 2023)
+  Closes https://github.com/curl/curl/pull/10528
 
-- nss: implement data_pending method
+Daniel Stenberg (15 Feb 2023)
 
-  NSS currently uses the default Curl_none_data_pending() method which
-  always returns false, causing TLS buffered input data to be missed.
+- RELEASE-NOTES: synced
 
-  The current commit implements the nss_data_pending() method that properly
-  monitors the presence of available TLS data.
+  bumped to 7.88.1
 
-  Ref:#10077
+- tests: make sure gnuserv-tls has SRP support before using it
 
-  Closes #10225
+  Reported-by: fundawang on github
+  Fixes #10522
+  Closes #10524
 
-Jay Satiro (6 Jan 2023)
+- runtests: fix "uninitialized value $port"
 
-- CURLOPT_HEADERDATA.3: warn DLL users must set write function
+  by using a more appropriate variable
 
-  - Warn that in Windows if libcurl is running from a DLL and if
-    CURLOPT_HEADERDATA is set then CURLOPT_WRITEFUNCTION or
-    CURLOPT_HEADERFUNCTION must be set as well, otherwise the user may
-    experience crashes.
+  Reported-by: fundawang on github
+  Fixes #10518
+  Closes #10520
 
-  We already have a similar warning in CURLOPT_WRITEDATA. Basically, in
-  Windows libcurl could crash writing a FILE pointer that was created by
-  a different C runtime. In Windows each DLL that is part of a program may
-  or may not have its own C runtime.
+Version 7.88.0 (15 Feb 2023)
 
-  Ref: https://github.com/curl/curl/issues/10231
+Daniel Stenberg (15 Feb 2023)
 
-  Closes https://github.com/curl/curl/pull/10233
+- RELEASE-NOTES: synced
 
-Jon Rumsey (5 Jan 2023)
+  7.88.0 release
 
-- x509asn1: fix compile errors and warnings
+- THANKS: added contributors from 7.88.0
 
-  Various small issues when built for GSKit
+- openssl: rename 'errcode_t' to 'sslerr_t'
 
-  Closes #10238
+  Turns out "/usr/include/et/com_err.h" typedefs this type (without proper
+  variable scoping).
 
-Patrick Monnerat (5 Jan 2023)
+  comerr is the "common error description library" that apparently might be use
+  d
+  by krb5 code, which then makes this header get used in a curl build.
 
-- runtests: fix detection of TLS backends
+  Reported-by: Bruno Henrique Batista Cruz da Silva
+  Fixed #10502
+  Closes #10500
 
-  Built-in TLS backends are detected at test time by scanning for their
-  names in the version string line returned by the cli tool: as this line
-  may also list the libssh configuration that mentions its own backend,
-  the curl backend may be wrongly determined.
+Dan Fandrich (13 Feb 2023)
 
-  In example, if the version line contains "libssh/0.10.4/openssl/zlib",
-  OpenSSL is detected as a curl-configured backend even if not.
+- CONTRIBUTE: More formally specify the commit description
 
-  This fix requires the backend names to appear as full words preceded by
-  spacing in the version line to be recognized as curl TLS backends.
+  This codifies what people have actually used in git commits over the
+  past 6 years. I've left off some lesser-used headers that appear to
+  duplicate others and tried to describe a consistent use for several
+  others that were used more arbitrarily.
 
-  Closes #10236
+  This makes it easier for new committers to find out the kinds of things
+  we want to acknowledge, makes it easier to perform statistical analysis
+  on commits, and opens the possibility of performing lint checks on
+  descriptions before submission.
 
-Andy Alt (5 Jan 2023)
+  Reviewed-by: Daniel Stenberg
+  Reviewed-by: Jay Satiro
 
-- GHA: add job on Slackware 15.0
+  Closes #10478
 
-  Closes #10230
+Stefan Eissing (13 Feb 2023)
 
-Daniel Stenberg (5 Jan 2023)
+- openssl: test and fix for forward proxy handling (non-tunneling).
 
-- test363: make even smaller writes to loop more
+  - adding pytest test_10 cases for proxy httpd setup tests
+  - fixing openssl bug in https: proxy hostname verification that
+    used the hostname of the request and not the proxy name.
 
-- http_proxy: do not assign data->req.p.http use local copy
+  Closes #10498
 
-  Avoid the tricky reusing of the data->req.p.http pointer for http proxy
-  tunneling.
+Daniel Stenberg (13 Feb 2023)
 
-  Fixes #10194
-  Closes #10234
+- cmdline-opts/Makefile: on error, do not leave a partial
 
-Stefan Eissing (5 Jan 2023)
+  And support 'make V=1' to show the full command line
 
-- quic: rename vquic implementations, fix for quiche build.
+  Closes #10497
 
-  - quiche in debug mode did not build, fixed.
-  - moved all vquic implementation files to prefix curl_* to avoid
-    the potential mixups between provided .h files and our own.
-  - quich passes test 2500 and 2502. 2501, the POST, fail with
-    the body being rejected. Quich bug?
+- curl.1: make help, version and manual sections "custom"
 
-  Closes #10242
+  Instead of using "multi: boolean", as these are slightly special as in
+  they do are not enable/disable ones.
 
-- sectransp: fix for incomplete read/writes
+  Fixes #10490
+  Reported-by: u20221022 on github
+  Closes #10497
 
-  SecureTransport expects result code errSSLWouldBlock when the requested
-  length could not be sent/recieved in full. The previous code returned
-  noErr, which let SecureTransport to believe that the IO had terminated
-  prematurely.
+Stefan Eissing (13 Feb 2023)
 
-  Fixes #10227
-  Closes #10235
+- tests: add tests for HTTP/2 and HTTP/3 to verify the header API
 
-Andy Alt (5 Jan 2023)
+  Test 2403 and 2503 check "header_json" output and therefore use of
+  header-api
 
-- GHA: Hacktoberfest CI: Update deprecated 'set-output' command
+  Closes #10495
 
-  Closes #10221
+Philip Heiduck (13 Feb 2023)
 
-Jay Satiro (5 Jan 2023)
+- CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
 
-- scripts: set file mode +x on all perl and shell scripts
+  Closes #10493
 
-  - Set all scripts +x, ie 644 => 755.
+Daniel Stenberg (13 Feb 2023)
 
-  Prior to this change some scripts were not executable and therefore
-  could not be called directly.
+- KNOW_BUGS: cleanups with some changed to TODOs
 
-  ~~~
-  git ls-files -s \*.{sh,pl,py} | grep -v 100755
-  ~~~
+  - remove "Excessive HTTP/2 packets with TCP_NODELAY"
 
-  Closes https://github.com/curl/curl/pull/10219
+    This is not a bug. Rather room for improvement.
 
-Stefan Eissing (4 Jan 2023)
+  I believe these have been fixed:
 
-- tool_operate: fix headerfile writing
+  - 17.4 Connection failures with parallel HTTP/2
+  - 17.5 HTTP/2 connections through HTTPS proxy frequently stall
 
-  Do not rely on the first transfer started to be the first to get a
-  response (remember -Z). All transfers now write the headefile (-D) in
-  append mode, making sure that the order of transfer responses does not
-  lead to overwrites of previous data.
+  - remove "FTPS needs session reuse"
 
-  Closes #10224
+  That is still true, but curl should also do session reuse now.
 
-Daniel Stenberg (4 Jan 2023)
+  - remove "ASCII FTP"
 
-- misc: reduce struct and struct field sizes
+  It is documented behavior, and not single user has asked for extended
+  functionality here the last decade or so.
 
-  - by using BIT() instead of bool
-  - imap: shrink struct
-  - ftp: make state 'unsigned char'
-  - ftp: sort ftp_conn struct entries on size
-  - urldata: use smaller fields for SSL version info storage
-  - pop3: reduce the pop3_conn struct size
-  - smtp: reduce the size of the smtp structs
+  - remove "Passive transfer tries only one IP address"
 
-  Closes #10186
+  add as a TODO
 
-- noproxy: support for space-separated names is deprecated
+  - remove "DoH leaks memory after followlocation"
 
-  To be removed in July 2024.
+  With a recipe on how to reproduce, this is pointless to keep around
 
-  Assisted-by: Michael Osipov
-  Fixes #10209
-  Closes #10215
+  - remove "DoH does not inherit all transfer options"
 
-Andrei Rybak (4 Jan 2023)
+  add it as a TODO
 
-- lib: fix typos in comments which repeat a word
+  Closes #10487
 
-  Remove erroneously duplicated words in code comments of files
-  `lib.connect.c` and `lib/url.c`.
+Tatsuhiro Tsujikawa (13 Feb 2023)
 
-  Closes #10220
+- GHA: bump ngtcp2 workflow dependencies
 
-Radek Brich (3 Jan 2023)
+  Closes #10494
 
-- cmake: set SOVERSION also for macOS
+Patrick Monnerat (13 Feb 2023)
 
-  Closes #10214
+- content_encoding: do not reset stage counter for each header
 
-Jay Satiro (3 Jan 2023)
+  Test 418 verifies
 
-- http2: fix compiler warning due to uninitialized variable
+  Closes #10492
 
-  Prior to this change http2_cfilter_add could return an uninitialized
-  cfilter pointer in an OOM condition. In this case though, the pointer
-  is discarded and not dereferenced so there was no risk of a crash.
+Daniel Stenberg (13 Feb 2023)
 
-Stefan Eissing (3 Jan 2023)
+- RELEASE-NOTES: synced
 
-- cf-socket: keep sockaddr local in the socket filters
+Jay Satiro (13 Feb 2023)
 
-  - copy `struct Curl_addrinfo` on filter setup into context
-  - remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in
-    connectdata that is set and NULLed by the socket filter
-  - this means we have no reference to the resolver info in connectdata or
-    its filters
-  - trigger the CF_CTRL_CONN_INFO_UPDATE event when the complete filter
-    chain reaches connected status
-  - update easy handle connection information on CF_CTRL_DATA_SETUP event.
+- multi: stop sending empty HTTP/3 UDP datagrams on Windows
 
-  Closes #10213
+  - Limit the 0-sized send procedure that is used to reset a SOCKET's
+    FD_WRITE to TCP sockets only.
 
-Daniel Stenberg (3 Jan 2023)
+  Prior to this change the reset was used on UDP sockets as well, but
+  unlike TCP sockets a 0-sized send actually sends out a datagram.
 
-- RELEASE-NOTES: synced
+  Assisted-by: Marc Hörsken
 
-- runtests: consider warnings fatal and error on them
+  Ref: https://github.com/curl/curl/pull/9203
 
-  To help us detect and fix warnings in this script easier and faster.
+  Fixes https://github.com/curl/curl/issues/9086
+  Closes https://github.com/curl/curl/pull/10430
 
-  Assisted-by: Jakob Hirsch
+Viktor Szakats (12 Feb 2023)
 
-  Ref: #10206
-  Closes #10208
+- h3: silence compiler warnings
 
-- copyright: update all copyright lines and remove year ranges
+  Reviewed-by: Daniel Stenberg
+  Fixes #10485
+  Closes #10486
 
-  - they are mostly pointless in all major jurisdictions
-  - many big corporations and projects already don't use them
-  - saves us from pointless churn
-  - git keeps history for us
-  - the year range is kept in COPYING
+Daniel Stenberg (12 Feb 2023)
 
-  checksrc is updated to allow non-year using copyright statements
+- smb: return error on upload without size
 
-  Closes #10205
+  The protocol needs to know the size ahead of time, this is now a known
+  restriction and not a bug.
 
-- docs/DEPRECATE.md: deprecate gskit
+  Also output a clearer error if the URL path does not contain proper
+  share.
 
-  Ref: #10163
+  Ref: #7896
+  Closes #10484
 
-  - This is a niche TLS library, only running on some IBM systems
-  - no regular curl contributors use this backend
-  - no CI builds use or verify this backend
-  - gskit, or the curl adaption for it, lacks many modern TLS features
-    making it an inferior solution
-  - build breakages in this code take weeks or more to get detected
-  - fixing gskit code is mostly done "flying blind"
+Viktor Szakats (12 Feb 2023)
 
-  Closes #10201
+- windows: always use curl's basename() implementation
 
-- Revert "x509asn1: avoid freeing unallocated pointers"
+  The `basename()` [1][2] implementation provided by mingw-w64 [3] makes
+  assumptions about input encoding and may break with non-ASCII strings.
 
-  This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab.
+  `basename()` was auto-detected with CMake, autotools and since
+  68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6 (2022-10-13), also in
+  `Makefile.mk` after syncing its behaviour with the mainline build
+  methods. A similar patch for curl-for-win broke official Windows
+  builds earlier, in release 7.83.1_4 (2022-06-15).
 
-  Fixes #10163
-  Closes #10207
+  This patch forces all Windows builds to use curl's internal
+  `basename()` implementation to avoid such problems.
 
-- ngtcp2: fix the build without 'sendmsg'
+  [1]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/basename.html
+  [2]: https://www.man7.org/linux/man-pages/man3/basename.3.html
+  [3]: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/master/tree/mingw-w64-c
+  rt/misc/basename.c
 
-  Follow-up from 71b7e0161032
+  Reported-by: UnicornZhang on Github
+  Assisted-by: Cherish98 on Github
+  Reviewed-by: Daniel Stenberg
 
-  Closes #10210
+  Fixes #10261
+  Closes #10475
 
-- cmake: check for sendmsg
+Philip Heiduck (12 Feb 2023)
 
-  Used by ngtcp2
+- Linux CI: Bump rustls-ffi to v0.9.1
 
-  Closes #10211
+  Closes #10476
 
-Timmy Schierling (2 Jan 2023)
+Daniel Stenberg (12 Feb 2023)
 
-- runtest.pl: add expected fourth return value
+- libtest: build lib2305 with multibyte as well
 
-  Fixes warning in autobild log: "Use of uninitialized value $HTTP2TLSPORT
-  in substitution iterator at /tests/runtests.pl line 3516"
+  Fixes a build regression.
 
-  Closes #10206
+  Follow-up to 5a9a04d5567
+  Reported-by: Viktor Szakats
+  Ref: https://github.com/curl/curl/pull/10475#issuecomment-1426831800
 
-Daniel Stenberg (2 Jan 2023)
+  Closes #10477
 
-- http2: when using printf %.*s, the length arg must be 'int'
+Dmitry Atamanov (12 Feb 2023)
 
-  Detected by Coverity CID 1518341
+- cmake: fix dev warning due to mismatched arg
 
-  Closes #10203
+  The package name passed to find_package_handle_standard_args (BROTLI)
+  does not match the name of the calling package (Brotli). This can lead
+  to problems in calling code that expects find_package result variables
+  (e.g., _FOUND) to follow a certain pattern.
 
-- cfilters: check for NULL before using pointer
+  Closes https://github.com/curl/curl/pull/10471
 
-  Detected by Coverity CID 1518343
+James Keast (11 Feb 2023)
 
-  Closes #10202
+- setopt: Address undefined behaviour by checking for null
 
-- http2: in connisdead check, attach the connection before reading
+  This addresses undefined behaviour found using clang's UBsan:
 
-  Otherwise data->conn is NULL and things go wrong.
+  curl/lib/setopt.c:177:14: runtime error: applying non-zero offset 1 to null p
+  ointer
+  SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior curl/lib/setopt.c:177
+  :14 in
 
-  This problem caused occastional failures in test 359, 1700 and more
-  depending on timing and the alignment of various planets.
+  Closes #10472
 
-  Assisted-by: Stefan Eissing
+Jacob Hoffman-Andrews (11 Feb 2023)
 
-  Closes #10199
+- rustls: improve error messages
 
-Philip Heiduck (2 Jan 2023)
+  Changes numeric error codes into verbose error codes in two places.
+  Adds a prefix indicating that the error came from rustls, and in some
+  places which function it came from.
 
-- Linux CI: update some dependecies to latest tag
+  Adds special handling for RUSTLS_RESULT_UNEXPECTED_EOF, since the
+  default message of "Unexpected EOF" is insufficiently explanatory.
 
-  Closes #10195
+  Closes #10463
 
-Daniel Stenberg (2 Jan 2023)
+Daniel Stenberg (11 Feb 2023)
 
-- c-hyper: move down the Accept-Encoding header generation
+- openssl: remove dead code
 
-  To match the internal HTTP request header order so that test 1277 works
-  again.
+  Follow-up to e8b00fcd6a
 
-  Closes #10200
+  Due to the new 'if(!nonblocking)' check on the block a level above,
+  there is no need to check for it again within the same conditional.
 
-- release-notes.pl: check fixes/closes lines better
+  Detected by Coverity
 
-  To better skip lines that just happen to mention those words at the
-  start of a line without being instructions.
+  Closes #10473
 
-- test1560: use a UTF8-using locale when run
+- ngtcp2: replace removed define and stop using removed function
 
-  There are odd cases that don't use UTF8 and then the IDN handling goes
-  wrong.
+  They were removed upstream.
 
-  Reported-by: Marcel Raad
-  Fixes #10193
-  Closes #10196
+  Reported-by: Karthikdasari0423 on github
+  Fixes #10469
+  Closes #10474
 
-- cf-socket: fix build regression
+- scripts/delta: show percent of number of files changed since last tag
 
-  Reported-by: Stephan Guilloux
-  Fixes #10190
-  Closes #10191
+- RELEASE-NOTES: synced
 
-- examples: remove the curlgtk.c example
+Stefan Eissing (10 Feb 2023)
 
-  - it does not add a lot of value
-  - we do not test-build it to verify because of its dependencies
-  - unclear for what GTK versions it works or not
+- pytest: add a test case for PUSH related things.
 
-  Reported-by: odek86 on github
+  - checking that "103 Early Hints" are visible in curl's header dump file
 
-  Fixes #10197
-  Closes #10198
+  Closes #10452
 
-Andy Alt (2 Jan 2023)
+Gregory Panakkal (10 Feb 2023)
 
-- docs: add link to GitHub Discussions
+- WEBSOCKET.md: typo
 
-  Closes #10171
+  Fixing missing slash for ws protocol scheme
 
-- GHA: ignore changes to md files for most workflows
+  Closes #10464
 
-  Closes #10176
+Stefan Eissing (10 Feb 2023)
 
-Josh Brobst (2 Jan 2023)
+- vquic: stabilization and improvements
 
-- http: decode transfer encoding first
+  vquic stabilization
+  - udp send code shared between ngtcp2 and quiche
+  - quiche handling of data and events improved
 
-  The unencoding stack is added to as Transfer-Encoding and
-  Content-Encoding fields are encountered with no distinction between the
-  two, meaning the stack will be incorrect if, e.g., the message has both
-  fields and a non-chunked Transfer-Encoding comes first. This commit
-  fixes this by ordering the stack with transfer encodings first.
+  ngtcp2 and pytest improvements
+  - fixes handling of "drain" situations, discovered in scorecard
+    tests with the Caddy server.
+  - improvements in handling transfers that have already  data or
+    are already closed to make an early return on recv
 
-  Reviewed-by: Patrick Monnerat
-  Closes #10187
+  pytest
+  - adding caddy tests when available
 
-Daniel Stenberg (1 Jan 2023)
+  scorecard improvemnts.
+  - using correct caddy port
+  - allowing tests for only httpd or caddy
 
-- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
+  Closes #10451
 
-  Follow-up since 223f26c28a340b36
+Philip Heiduck (10 Feb 2023)
 
-  Deprecated since 7.82.0
+- Linux CI: update some dependecies to latest tag
 
-  Closes #10189
+  Closes #10458
 
-- curl_global_sslset.3: clarify the openssl situation
+Daniel Stenberg (10 Feb 2023)
 
-  and add rustls
+- test2305: send 3 frames, 4097 bytes each, as one message
 
-  Closes #10188
+  Receive them using a 256 bytes buffer in a loop.
 
-Cameron Blomquist (1 Jan 2023)
+- ws: fix recv of larger frames
 
-- http: add additional condition for including stdint.h
+   + remove 'oleft' from the struct
+   + deal with "overflow data" in a separate dynbuf
 
-  stdint.h was only included in http.h when ENABLE_QUIC was defined, but
-  symbols from stdint.h are also used when USE_NGHTTP2 is defined. This
-  causes build errors when USE_NGHTTP2 is defined but ENABLE_QUIC is not.
+  Reported-by: Mike Duglas
+  Fixes #10438
+  Closes #10447
 
-  Closes #10185
+- curl/websockets.h: extend the websocket frame struct
 
-Daniel Stenberg (31 Dec 2022)
+- sws: fix typo, indentation add more ws logging
 
-- urldata: cease storing TLS auth type
+- test2304: remove stdout verification
 
-  The only TLS auth type libcurl ever supported is SRP and that is the
-  default type. Since nobody ever sets any other type, there is no point
-  in wasting space to store the set type and code to check the type.
+  This cripples the test somewhat but the check was bad since depending on
+  timing it could exit before the output was done, making the test flaky.
 
-  If TLS auth is used, SRP is now implied.
+Dan Fandrich (9 Feb 2023)
 
-  Closes #10181
+- CI: Add more labeler match patterns
 
-- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
+- CI: Retry failed downloads to reduce spurious failures
 
-  Previously libcurl would use the HTTP/1.1 ALPN id even when the
-  application specified HTTP/1.0.
+  A temporary error with a remote server shouldn't cause a CI run to fail.
+  Also, put a cap on the time to download to fail faster on a misbehaving
+  server or connection and use HTTP compression where possible to reduce
+  download times.
 
-  Reported-by: William Tang
-  Ref: #10183
+Daniel Stenberg (9 Feb 2023)
 
-Marcel Raad (30 Dec 2022)
+- no-clobber.d: only use long form options in man page text
 
-- lib670: make test.h the first include
+  ... since they are expanded and the short-form gets mentioned
+  automatically so if the short form is mentioned as well, it gets
+  repeated.
 
-  As in all other lib tests. This avoids a macro redefinition warning for
-  `_FILE_OFFSET_BITS` visible in the autobuilds.
+  Fixes #10461
+  Closes #10462
+  Reported-by: Dan Fandrich
 
-  Closes https://github.com/curl/curl/pull/10182
+- GHA: enable websockets in the torture job
 
-Stefan Eissing (30 Dec 2022)
+  Closes #10448
 
-- lib: connect/h2/h3 refactor
+- header.d: add a header file example
 
-  Refactoring of connection setup and happy eyeballing. Move
-  nghttp2. ngtcp2, quiche and msh3 into connection filters.
+  Closes #10455
 
-   - eyeballing cfilter that uses sub-filters for performing parallel connects
-   - socket cfilter for all transport types, including QUIC
-   - QUIC implementations in cfilter, can now participate in eyeballing
-   - connection setup is more dynamic in order to adapt to what filter did
-     really connect.  Relevant to see if a SSL filter needs to be added or
-     if SSL has already been provided
-   - HTTP/3 test cases similar to HTTP/2
-   - multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche
+Stefan Eissing (9 Feb 2023)
 
-   - Fix for data attach/detach in VTLS filters that could lead to crashes
-     during parallel transfers.
-   - Eliminating setup() methods in cfilters, no longer needed.
-   - Improving Curl_conn_is_alive() to replace Curl_connalive() and
-     integrated ssl alive checks into cfilter.
-   - Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update
-     connection into and persist it at the easy handle.
+- HTTP/[23]: continue upload when state.drain is set
 
-   - Several more cfilter related cleanups and moves:
-     - stream_weigth and dependency info is now wrapped in struct
-       Curl_data_priority
-     - Curl_data_priority members depend is available in HTTP2|HTTP3
-     - Curl_data_priority members depend on NGHTTP2 support
-     - handling init/reset/cleanup of priority part of url.c
-     - data->state.priority same struct, but shallow copy for compares only
+  - as reported in #10433, HTTP/2 uploads may stall when a response is
+    received before the upload is done. This happens when the
+    data->state.drain is set for such a transfer, as the special handling
+    in transfer.c from then on only cared about downloads.
+  - add continuation of uploads, if applicable, in this case.
+  - add pytest case test_07_12_upload_seq_large to reproduce this scenario
+    (although, current nghttp2 implementation is using drain less often)
 
-   - PROTOPT_STREAM has been removed
-     - Curl_conn_is_mulitplex() now available to check on capability
+  Reported-by: Lucas Pardue
 
-   - Adding query method to connection filters.
-     - ngtcp2+quiche: implementing query for max concurrent transfers.
+  Fixes #10433
+  Closes #10443
 
-   - Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event.
-     - setting keepalive timestamp on connect
-     - DATA_SETUP is called after the connection has been completely
-       setup (but may not connected yet) to allow filters to initialize
-       data members they use.
+- http2: minor buffer and error path fixes
 
-   - there is no socket to be had with msh3, it is unclear how select
-     shall work
+  - use memory buffer in full available size
+  - fail receive of reset/errored streams early
 
-   - manual test via "curl --http3 https://curl.se" fail with "empty
-     reply from server".
+  pytest:
+  - make test_05 error cases more reliable
 
-   - Various socket/conn related cleanups:
-     - Curl_socket is now Curl_socket_open and in cf-socket.c
-     - Curl_closesocket is now Curl_socket_close and in cf-socket.c
-     - Curl_ssl_use has been replaced with Cur_conn_is_ssl
-     - Curl_conn_tcp_accepted_set has been split into
-       Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set
-       with a clearer purpose
+  Closes #10444
 
-  Closes #10141
+Federico Pellegrin (9 Feb 2023)
 
-Daniel Stenberg (30 Dec 2022)
+- openldap: fix missing sasl symbols at build in specific configs
 
-- RELEASE-NOTES: synced
+  If curl is built with openldap support (USE_OPENLDAP=1) but does not
+  have also some other protocol (IMAP/SMTP/POP3) enabled that brings
+  in Curl_sasl_* functions, then the build will fail with undefined
+  references to various symbols:
 
-- docs/libcurl/curl_getdate.3: minor whitespace edit
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_decode_mech'
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_parse_url_auth
+  _option'
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_cleanup'
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_can_authentica
+  te'
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_continue'
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_start'
+  ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_init'
 
-  To avoid a fccp quirk that made it render wrongly on the website
+  This was tracked down to these functions bein used in openldap.c but
+  defined in curl_sasl.c and then forward in two vauth/ files to have
+  a guard against a set of #define configurations that was now extended
+  to cover also this case.
 
-- transfer: break the read loop when RECV is cleared
+  Example configuration targeted that could reproduce the problem:
 
-  When the RECV bit is cleared because the response reading for this
-  transfer is complete, the read loop should be stopped. data_pending()
-  can otherwise still return TRUE and another read would be attempted.
+  curl 7.87.1-DEV () libcurl/7.87.1-DEV .... OpenLDAP/2.6.3
+  Protocols: file ftp ftps http https ldap ldaps
 
-  Reported-by: Hide Ishikawa
-  Fixes #10172
-  Closes #10174
+  Closes #10445
 
-- multihandle: turn bool struct fields into bits
+Daniel Stenberg (9 Feb 2023)
 
-  Closes #10179
+- ws: use %Ou for outputting curl_off_t with info()
 
-Stefan Eissing (30 Dec 2022)
+  Reported-by: Mike Duglas
+  Fixes #10439
+  Closes #10441
 
-- ftpserver: lower the normal DATA connect timeout to speed up torture tests
+Jay Satiro (9 Feb 2023)
 
-  - tests/ftpserver.pl blocks when expecting a DATA connection from the
-    client.
+- curl_setup: Disable by default recv-before-send in Windows
 
-  - the previous 10 seconds were encountered repeatedly in torture tests
-    and let to long waits.
+  Prior to this change a workaround for Windows to recv before every send
+  was enabled by default. The way it works is a recv is called before
+  every send and saves the received data, in case send fails because in
+  Windows apparently that can wipe out the socket's internal received
+  data buffer.
 
-  - 2 seconds should still be sufficient for current hw, but CI will show.
+  This feature has led to several bugs because the way libcurl operates
+  it waits on a socket to read or to write, and may not at all times
+  check for buffered receive data.
 
-  Closes #10178
+  Two recent significant bugs this workaround caused:
+  - Broken Schannel TLS 1.3 connections (#9431)
+  - HTTP/2 arbitrary hangs (#10253)
 
-Nick Banks (28 Dec 2022)
+  The actual code remains though it is disabled by default. Though future
+  changes to connection filter buffering could improve the situation IMO
+  it's just not tenable to manage this workaround.
 
-- msh3: add support for request payload
+  Ref: https://github.com/curl/curl/issues/657
+  Ref: https://github.com/curl/curl/pull/668
+  Ref: https://github.com/curl/curl/pull/720
 
-  Closes #10136
+  Ref: https://github.com/curl/curl/issues/9431
+  Ref: https://github.com/curl/curl/issues/10253
 
-Stefan Eissing (28 Dec 2022)
+  Closes https://github.com/curl/curl/pull/10409
 
-- openssl: remove attached easy handles from SSL instances
+Stefan Eissing (8 Feb 2023)
 
-   - keeping the "current" easy handle registered at SSL* is no longer
-     necessary, since the "calling" data object is already stored in the
-     cfilter's context (and used by other SSL backends from there).
-   - The "detach" of an easy handle that goes out of scope is then avoided.
-   - using SSL_set0_wbio for clear reference counting where available.
+- http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
 
-  Closes #10151
+  add a small buffer to nghttp2 session sending in order to aggregate
+  small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to the
+  callback individually.
 
-Daniel Stenberg (28 Dec 2022)
+  Ref: #10389
+  Closes #10432
 
-- socketpair: allow localhost MITM sniffers
+- openssl: store the CA after first send (ClientHello)
 
-  Windows allow programs to MITM connections to localhost. The previous
-  check here would detect that and error out. This new method writes data
-  to verify the pipe thus allowing MITM.
+  move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
+  this gives time to parse CA anchors while waiting on the server reply
 
-  Reported-by: SerusDev on github
-  Fixes #10144
-  Closes #10169
+  Ref: #10389
+  Closes #10432
 
-- HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
+Daniel Stenberg (8 Feb 2023)
 
-  Closes #10168
+- RELEASE-NOTES: synced
 
-Andy Alt (28 Dec 2022)
+Anthony Hu (8 Feb 2023)
 
-- MANUAL.md: add pipe to apt-key example
+- wolfssl: remove deprecated post-quantum algorithms
 
-  Closes #10170
+  Closes #10440
 
-Daniel Stenberg (27 Dec 2022)
+John Bampton (8 Feb 2023)
 
-- test417: verify %{certs} output
+- misc: fix spelling
 
-- runtests: make 'mbedtls' a testable feature
+  Closes #10437
 
-  Also add to FILEFORMAT.md
+Daniel Stenberg (7 Feb 2023)
 
-- writeout: add %{certs} and %{num_certs}
+- man pages: call the custom user pointer 'clientp' consistently
 
-  Let users get the server certificate chain using the command line
+  The variable had a few different names. Now try to use 'clientp'
+  consistently for all man pages using a custom pointer set by the
+  application.
 
-  Closes #10019
+  Reported-by: Gerrit Renker
 
-Stefan Eissing (27 Dec 2022)
+  Fixes #10434
+  Closes #10435
 
-- haxproxy: send before TLS handhshake
+- vtls: infof using %.*s needs to provide the length as int
 
-  - reverse order of haproxy and final ssl cfilter
+  Fixes a Coverity warning.
 
-  - make haproxy avaiable on PROXY builds, independent of HTTP support as
-    it can be used with any protocol.
+  Closes #10436
 
-  Reported-by: Sergio-IME on github
-  Fixes #10165
-  Closes #10167
+Stefan Eissing (7 Feb 2023)
 
-Daniel Stenberg (27 Dec 2022)
+- vrls: addressing issues reported by coverity
 
-- RELEASE-NOTES: synced
+  I believe the code was secure before this, but limiting the accepted
+  name length to what is used in the structures should help Coverity's
+  analysis.
 
-- test446: verify hsts with two URLs
+  Closes #10431
 
-- runtests: support crlf="yes" for verify/proxy
+Daniel Stenberg (7 Feb 2023)
 
-- hsts: handle adding the same host name again
+- tool_operate: move the 'updated' variable
 
-  It will then use the largest expire time of the two entries.
+  This was already done by Dan Fandrich in the previous PR but somehow I
+  lost that fixup.
 
-- tool_operate: share HSTS between handles
+  Follow-up to 349c5391f2121e
 
-- share: add sharing of HSTS cache among handles
+Dan Fandrich (7 Feb 2023)
 
-  Closes #10138
+- tool_operate: Fix error codes during DOS filename sanitize
 
-Viktor Szakats (27 Dec 2022)
+  It would return CURLE_URL_MALFORMAT in an OOM condition.
 
-- Makefile.mk: fix wolfssl and mbedtls default paths
+  Closes #10414
 
-  Fix the defaults for `WOLFSSL_PATH` and `MBEDTLS_PATH` to have
-  meaningful values instead of the copy-pasted wrong ones.
+- tool_operate: Fix error codes on bad URL & OOM
 
-  Ref: https://github.com/curl/curl/commit/66e68ca47f7fd00dff2cb7c45ba6725d4009
-  9585#r94275172
+  curl would erroneously report CURLE_OUT_OF_MEMORY in some cases instead
+  of CURLE_URL_MALFORMAT. In other cases, it would erroneously return
+  CURLE_URL_MALFORMAT instead of CURLE_OUT_OF_MEMORY.  Add a test case to
+  test the former condition.
 
-  Reported-by: Ryan Schmidt
-  Closes #10164
+  Fixes #10130
+  Closes #10414
 
-Daniel Stenberg (27 Dec 2022)
+Daniel Stenberg (6 Feb 2023)
 
-- INTERNALS: cleanup
+- setopt: use >, not >=, when checking if uarg is larger than uint-max
 
-  - remove "operating systems" (mostly outdated)
+  Closes #10421
 
-  - upodate the "build tools"
+- vtls: fix failf() format argument type for %.*s handling
 
-  Closes #10162
+  Reported by Coverity
 
-- cmake: bump requirement to 3.7
+  Closes #10422
 
-  Because this is the cmake version (released in November 2016) that
-  introduced GREATER_EQUAL, which is used already.
+- openssl: fix "Improper use of negative value"
 
-  Reported-by: nick-telia on github
-  Fixes #10128
-  Closes #10161
+  By getting the socket first and returning error in case of bad socket.
 
-- cfilters:Curl_conn_get_select_socks: use the first non-connected filter
+  Detected by Coverity.
 
-  When there are filters addded for both socket and SSL, the code
-  previously checked the SSL sockets during connect when it *should* first
-  check the socket layer until that has connected.
+  Closes #10423
 
-  Fixes #10157
-  Fixes #10146
-  Closes #10160
+Dan Fandrich (6 Feb 2023)
 
-  Reviewed-by: Stefan Eissing
+- packages: Remove Android.mk from makefile
 
-- urlapi: add CURLU_PUNYCODE
+  This was missed in commit #44141512
 
-  Allows curl_url_get() get the punycode version of host names for the
-  host name and URL parts.
+  Ref: #10418
 
-  Extend test 1560 to verify.
+Daniel Stenberg (6 Feb 2023)
 
-  Closes #10109
+- curl_ws_send.3: clarify how to send multi-frame messages
 
-- RELEASE-NOTES: synced
+Mike Duglas (6 Feb 2023)
 
-- libssh2: try sha2 algos for hostkey methods
+- ws: fix multiframe send handling
 
-  As is supported by recent libssh2, but should just be ignored by older
-  versions.
+  Fixes #10413
+  Closes #10420
 
-  Reported-by: norbertmm on github
-  Assisted-by: norbertmm on github
-  Fixes #10143
-  Closes #10145
+Daniel Stenberg (6 Feb 2023)
 
-Patrick Monnerat (26 Dec 2022)
+- unit2600: make sure numerical curl_easy_setopt sets long
 
-- typecheck: accept expressions for option/info parameters
+  Follow-up to 671158242db3203
 
-  As expressions can have side effects, evaluate only once.
+  Reported-by: Marcel Raad
+  Fixes #10410
+  Closes #10419
 
-  To enable deprecation reporting only once, get rid of the __typeof__
-  use to define the local temporary variable and use the target type
-  (CURLoption/CURLINFO). This also avoids multiple reports on type
-  conflicts (if some) by the curlcheck_* macros.
+Andy Alt (6 Feb 2023)
 
-  Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
-  their values: a curl_easy_setopt call with an integer constant as option
-  will never report a deprecation.
+- GHA: move Slackware test into matrix
 
-  Reported-by: Thomas Klausner
-  Fixes #10148
-  Closes #10149
+  Closes #10412
 
-Paul Howarth (26 Dec 2022)
+Pronyushkin Petr (6 Feb 2023)
 
-- tests: avoid use of sha1 in certificates
+- urlapi: fix part of conditional expression is always true: qlen
 
-  The SHA-1 algorithm is deprecated (particularly for security-sensitive
-  applications) in a variety of OS environments. This already affects
-  RHEL-9 and derivatives, which are not willing to use certificates using
-  that algorithm. The fix is to use sha256 instead, which is already used
-  for most of the other certificates in the test suite.
+  Closes #10408
 
-  Fixes #10135
+- url: fix part of conditional expression is always true
 
-  This gets rid of issues related to sha1 signatures.
+  Closes #10407
 
-  Manual steps after "make clean-certs" and "make build-certs":
+Daniel Stenberg (6 Feb 2023)
 
-  - Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
-    (make clean-certs does not remove the original tests/stunnel.pem)
+- RELEASE-NOTES: synced
 
-  - Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
-    options of tests/data/test2041 and tests/data/test2087
+Philip Heiduck (6 Feb 2023)
 
-  Closes #10153
+- GHA/macos.yml: bump to gcc-12
 
-Yurii Rashkovskii (26 Dec 2022)
+  Closes #10415
 
-- cmake: fix the snprintf detection
+Daniel Stenberg (6 Feb 2023)
 
-  I haven't had the time to check other configurations, but on my macOS
-  Ventura 13.1 with XCode 14.2 cmake does not find `snprintf`.
+- packages: remove Android, update README
 
-  Solution: ensure stdio.h is checked for definitions
+  - Nobody builds curl for Android using this anymore
+  - Refreshed the README and converted to markdown
 
-  Closes #10155
+  Reported-by: John Porter
+  Fixes #10416
+  Closes #10418
 
-Radu Hociung (26 Dec 2022)
+Kvarec Lezki (5 Feb 2023)
 
-- http: remove the trace message "Mark bundle... multiuse"
+- fopen: remove unnecessary assignment
 
-  The message "Mark bundle as not supporting multiuse" was added at commit
-  29364d93 when an http/2-related bug was fixed, and it appears to be a
-  leftover trace message.
+  [CWE-1164] V1048: The '* tempname' variable was assigned the same value.
 
-  This message should be removed because:
-   * it conveys no information to the user
-   * it is enabled in the default build (--enable-verbose)
-   * it reads like a warning/unexpected condition
-   * it is equivalent to "Detected http proto < 2", which is
-     not a useful message.
-   * it is a time-wasting red-herring for anyone who encounters
-     it for the first time while investigating some other, real
-     problem.
+  Ref: https://pvs-studio.com/en/docs/warnings/v1048/
 
-  This commit removes the trace message "Mark bundle as not
-  supporting multiuse"
+  Closes https://github.com/curl/curl/pull/10398
 
-  Closes #10159
+Gisle Vanem (5 Feb 2023)
 
-Hannah Schierling (26 Dec 2022)
+- libtest: add a sleep macro for Windows
 
-- url: fix build with `--disable-cookies`
+  .. because sleep() is used in some libtests.
 
-  Struct `UserDefined` has no member `cookielist` if
-  `CURL_DISABLE_COOKIES` is defined.
+  Closes https://github.com/curl/curl/pull/10295
 
-  Follow-up to af5999a
+Kvarec Lezki (3 Feb 2023)
 
-  Closes #10158
+- http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
 
-Stefan Eissing (23 Dec 2022)
+  V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> mem
+  size.
 
-- runtests: also tear down http2/http3 servers when https server is stopped
+  https://pvs-studio.com/en/docs/warnings/v220/
 
-  Closes #10114
+  Closes #10400
 
-- tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
+Daniel Stenberg (3 Feb 2023)
 
-  - a simple https get
-  - a simple https post
-  - a multi get of 4 requests and check that same connection was used
+- mailmap: Thomas1664 on github
 
-  Closes #10114
+Thomas1664 on github (3 Feb 2023)
 
-Daniel Stenberg (23 Dec 2022)
+- CURLOPT_WRITEFUNCTION.3: fix memory leak in example
 
-- urldata: remove unused struct fields, made more conditional
+  Closes #10390
 
-  - source_quote, source_prequote and source_postquote have not been used since
-    5e0d9aea3; September 2006
+Kvarec Lezki (3 Feb 2023)
 
-  - make several fields conditional on proxy support
+- doh: ifdef IPv6 code
 
-  - make three quote struct fields conditional on FTP || SSH
+  For disabled IPv6 a condition (conn->ip_version != CURL_IPRESOLVE_V4) is
+  always false. https://pvs-studio.com/en/docs/warnings/v560/
 
-  - make 'mime_options' depend on MIME
+  Closes #10397
 
-  - make trailer_* fields depend on HTTP
+Daniel Stenberg (3 Feb 2023)
 
-  - change 'gssapi_delegation' from long to unsigned char
+- urlapi: remove pathlen assignment
 
-  - make 'localportrange' unsigned short instead of int
+  "Value stored to 'pathlen' is never read"
 
-  - conn->trailer now depends on HTTP
+  Follow-up to 804d5293f89
 
-  Closes #10147
+  Reported-by: Kvarec Lezki
 
-- urldata: make set.http200aliases conditional on HTTP being present
+  Closes #10405
 
-  And make a few SSH-only fields depend on SSH
+Kvarec Lezki (3 Feb 2023)
 
-  Closes #10140
+- http: fix "part of conditional expression is always false"
 
-- md4: fix build with GnuTLS + OpenSSL v1
+  [CWE-570] V560: A part of conditional expression is always false: conn->bits.
+  authneg.
+  [CWE-570] V560: A part of conditional expression is always false: conn->handl
+  er->protocol & (0 | 0).
 
-  Reported-by: Esdras de Morais da Silva
+  https://pvs-studio.com/en/docs/warnings/v560/
 
-  Fixes #10110
-  Closes #10142
+  Closes #10399
 
-- urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
+Daniel Stenberg (2 Feb 2023)
 
-  Closes #10139
+- urlapi: skip the extra dedotdot alloc if no dot in path
 
-John Bampton (22 Dec 2022)
+  Saves an allocation for many/most URLs.
 
-- misc: fix grammar and spelling
+  Updates test 1395 accordingly
 
-  Closes #10137
+  Closes #10403
 
-Daniel Stenberg (22 Dec 2022)
+Stefan Eissing (2 Feb 2023)
 
-- urldata: move the cookefilelist to the 'set' struct
+- connections: introduce http/3 happy eyeballs
 
-  The cookiefile entries are set into the handle and should remain set for
-  the lifetime of the handle so that duplicating it also duplicates the
-  list. Therefore, the struct field is moved from 'state' to 'set'.
+  New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing.
+  - filter is installed when `--http3` in the tool is used (or
+    the equivalent CURLOPT_ done in the library)
+  - starts a QUIC/HTTP/3 connect right away. Should that not
+    succeed after 100ms (subject to change), a parallel attempt
+    is started for HTTP/2 and HTTP/1.1 via TCP
+  - both attempts are subject to IPv6/IPv4 eyeballing, same
+    as happens for other connections
+  - tie timeout to the ip-version HAPPY_EYEBALLS_TIMEOUT
+  - use a `soft` timeout at half the value. When the soft timeout
+    expires, the HTTPS-CONNECT filter checks if the QUIC filter
+    has received any data from the server. If not, it will start
+    the HTTP/2 attempt.
 
-  Fixes #10133
-  Closes #10134
+  HTTP/3(ngtcp2) improvements.
+  - setting call_data in all cfilter calls similar to http/2 and vtls filters
+    for use in callback where no stream data is available.
+  - returning CURLE_PARTIAL_FILE for prematurely terminated transfers
+  - enabling pytest test_05 for h3
+  - shifting functionality to "connect" UDP sockets from ngtcp2
+    implementation into the udp socket cfilter. Because unconnected
+    UDP sockets are weird. For example they error when adding to a
+    pollset.
 
-- strdup: name it Curl_strdup
+  HTTP/3(quiche) improvements.
+  - fixed upload bug in quiche implementation, now passes 251 and pytest
+  - error codes on stream RESET
+  - improved debug logs
+  - handling of DRAIN during connect
+  - limiting pending event queue
 
-  It does not belong in the curlx_ name space as it is never used
-  externally.
+  HTTP/2 cfilter improvements.
+  - use LOG_CF macros for dynamic logging in debug build
+  - fix CURLcode on RST streams to be CURLE_PARTIAL_FILE
+  - enable pytest test_05 for h2
+  - fix upload pytests and improve parallel transfer performance.
 
-  Closes #10132
+  GOAWAY handling for ngtcp2/quiche
+  - during connect, when the remote server refuses to accept new connections
+    and closes immediately (so the local conn goes into DRAIN phase), the
+    connection is torn down and a another attempt is made after a short grace
+    period.
+    This is the behaviour observed with nghttpx when we tell it to  shut
+    down gracefully. Tested in pytest test_03_02.
 
-Nick Banks (22 Dec 2022)
+  TLS improvements
+  - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, repl
+  aces
+    copy of logic in all tls backends.
+  - standardized the infof logging of offered ALPNs
+  - ALPN negotiated: have common function for all backends that sets alpn propr
+  ty
+    and connection related things based on the negotiated protocol (or lack the
+  reof).
 
-- msh3: update to v0.5 Release
+  - new tests/tests-httpd/scorecard.py for testing h3/h2 protocol implementatio
+  n.
+    Invoke:
+      python3 tests/tests-httpd/scorecard.py --help
+    for usage.
 
-  Closes #10125
+  Improvements on gathering connect statistics and socket access.
+  - new CF_CTRL_CONN_REPORT_STATS cfilter control for having cfilters
+    report connection statistics. This is triggered when the connection
+    has completely connected.
+  - new void Curl_pgrsTimeWas(..) method to report a timer update with
+    a timestamp of when it happend. This allows for updating timers
+    "later", e.g. a connect statistic after full connectivity has been
+    reached.
+  - in case of HTTP eyeballing, the previous changes will update
+    statistics only from the filter chain that "won" the eyeballing.
+  - new cfilter query CF_QUERY_SOCKET for retrieving the socket used
+    by a filter chain.
+    Added methods Curl_conn_cf_get_socket() and Curl_conn_get_socket()
+    for convenient use of this query.
+  - Change VTLS backend to query their sub-filters for the socket when
+    checks during the handshake are made.
 
-Andy Alt (22 Dec 2022)
+  HTTP/3 documentation on how https eyeballing works.
 
-- workflows/linux.yml: merge 3 common packages
+  TLS improvements
+  - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, repl
+  aces
+    copy of logic in all tls backends.
+  - standardized the infof logging of offered ALPNs
+  - ALPN negotiated: have common function for all backends that sets alpn propr
+  ty
+    and connection related things based on the negotiated protocol (or lack the
+  reof).
 
-  Closes #10071
+  Scorecard with Caddy.
+  - configure can be run with `--with-test-caddy=path` to specify which caddy t
+  o use for testing
+  - tests/tests-httpd/scorecard.py now measures download speeds with caddy
 
-Daniel Stenberg (21 Dec 2022)
+  pytest improvements
+  - adding Makfile to clean gen dir
+  - adding nghttpx rundir creation on start
+  - checking httpd version 2.4.55 for test_05 cases where it is needed. Skippin
+  g with message if too old.
+  - catch exception when checking for caddy existance on system.
 
-- docs: mention indirect effects of --insecure
+  Closes #10349
 
-  Warn users that disabling certficate verification allows servers to
-  "pollute" curl with data it trusts.
+Daniel Stenberg (2 Feb 2023)
 
-  Reported-by: Harry Sintonen
-  Closes #10126
+- CODEOWNERS: remove the peeps mentioned as CI owners
 
-- SECURITY-PROCESS.md: document severity levels
+  These owners do not have the bandwidth/energy to do the reviews which
+  makes PRs stall and this ownership claim flawed. We can bring people
+  back when the situation is different.
 
-  Closes #10118
+  Follow-up to c04c78ac87c4d46737934345a
 
-- RELEASE_NOTES: synced
+  Closes #10386
 
-  bumped version for new cycle
+Martin D'Aloia (2 Feb 2023)
 
-Marcel Raad (21 Dec 2022)
+- write-out.d: add 'since version' to %{header_json} documentation
 
-- tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
+  The documentation of `%{header_json}` missed to mention since which
+  version this variable for `--write-out` is present.
 
-  `CURLOPT_SOCKS5_GSSAPI_NEC` is a long, while `socks5_gssapi_nec` was
-  made a bool in commit 4ac64eadf60.
+  Based on commit https://github.com/curl/curl/commit/4133a69f2daa476bb
+  we can determine from the tags were this commit is present that the
+  first version to include it was `7.83.0`.
+  This could be also checked with:
+  `git tag --contains 4133a69f2daa476bb6d902687f1dd6660ea9c3c5`
 
-  Closes https://github.com/curl/curl/pull/10124
+  Closes #10395
 
-Version 7.87.0 (21 Dec 2022)
+Daniel Stenberg (1 Feb 2023)
 
-Daniel Stenberg (21 Dec 2022)
+- urlapi: avoid Curl_dyn_addf() for hex outputs
 
-- RELEASE-NOTES: synced
+  Inspired by the recent fixes to escape.c, we should avoid calling
+  Curl_dyn_addf() in loops, perhaps in particular when adding something so
+  simple as %HH codes - for performance reasons. This change makes the
+  same thing for the URL parser's two URL-encoding loops.
 
-  The curl 7.87.0 release
+  Closes #10384
 
-- THANKS: 40 new contributors from 7.87.0
+- urlapi: skip path checks if path is just "/"
 
-- http: fix the ::1 comparison for IPv6 localhost for cookies
+  As a miniscule optimization, treat a path of the length 1 as the same as
+  non-existing, as it can only be a single leading slash, and that's what
+  we do for no paths as well.
 
-  When checking if there is a "secure context", which it is if the
-  connection is to localhost even if the protocol is HTTP, the comparison
-  for ::1 was done incorrectly and included brackets.
+  Closes #10385
 
-  Reported-by: BratSinot on github
+Philip Heiduck (1 Feb 2023)
 
-  Fixes #10120
-  Closes #10121
+- GHA/macos: use Xcode_14.0.1 for cmake builds
 
-Philip Heiduck (19 Dec 2022)
+  Fixes #10356
+  Closes #10381
 
-- CI/spell: actions/checkout@v2 > actions/checkout@v3
+Viktor Szakats (1 Feb 2023)
 
-Daniel Stenberg (19 Dec 2022)
+- tls: fixes for wolfssl + openssl combo builds
 
-- smb/telnet: do not free the protocol struct in *_done()
+  1. Add `USE_WOLFSSL` to the TLS backend priority list in
+     `lib/curl_ntlm_core.c`.
 
-  It is managed by the generic layer.
+  2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
+     it in sync with the above list and `lib/curl_ntlm_core.c` itself.
 
-  Reported-by: Trail of Bits
+     Reported-by: Mark Roszko
+     Ref: https://github.com/curl/curl/issues/10321
 
-  Closes #10112
+  3. Allow enabling both wolfSSL and OpenSSL at the same time in
+     `lib/Makefile.mk` bringing this in line with cmake/autotools builds.
+     Update logic to select the crypto-specific lib for `ngtcp2`, which
+     supports a single TLS backend at the same time.
 
-- http: use the IDN decoded name in HSTS checks
+  Closes #10322
 
-  Otherwise it stores the info HSTS into the persistent cache for the IDN
-  name which will not match when the HSTS status is later checked for
-  using the decoded name.
+Daniel Stenberg (1 Feb 2023)
 
-  Reported-by: Hiroki Kurosawa
+- RELEASE-NOTES: synced
 
-  Closes #10111
+- docs/INSTALL: document how to use multiple TLS backends
 
-- CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
+  And document how OpenSSL forks and wolfSSL cannot be used at the same
+  time.
 
-  Closes #10106
+  Reported-by: Mark Roszko
+  Fixes #10321
+  Closes #10382
 
-Xì Gà (16 Dec 2022)
+Kvarec Lezki (1 Feb 2023)
 
-- socks: fix username max size is 255 (0xFF)
+- cookies: fp is always not NULL
 
-  Closes #10105
+  Closes #10383
 
-  Reviewed-by: Daniel Gustafsson
+Daniel Stenberg (31 Jan 2023)
 
-Daniel Stenberg (16 Dec 2022)
+- escape: use table lookup when adding %-codes to output
 
-- limit-rate.d: see also --rate
+  On my dev host, this code runs 7.8 times faster.
 
-- lib1560: add some basic IDN host name tests
+  Closes #10377
 
-  Closes #10094
+- unit2600: avoid error: ‘TEST_CASES’ defined but not used
 
-- idn: rename the files to idn.[ch] and hold all IDN functions
+  Follow-up to d55de24dce9d51
 
-  Closes #10094
+  Closes #10379
 
-- idn: remove Curl_win32_ascii_to_idn
+- escape: hex decode with a lookup-table
 
-  It was not used. Introduce a new IDN header for the prototype(s).
+  Makes the decoding 2.8 times faster in my tests.
 
-  Closes #10094
+  Closes #10376
 
-- RELEASE-NOTES: synced
+- cf-socket: fix build error wo TCP_FASTOPEN_CONNECT
 
-- curl_url_get.3: remove spurious backtick
+  Follow-up to 5651a36d1a
 
-  Put there by mistake.
+  Closes #10378
 
-  Follow-up from 9a8564a92
+  Reviewed-by: Stefan Eissing
 
-  Closes #10101
+Stefan Eissing (31 Jan 2023)
 
-- socks: fix infof() flag for outputing a char
+- CI: add pytest github workflow to CI test/tests-httpd on a HTTP/3 setup
 
-  It used to be a 'long', %lu is no longer correct.
+  Closes #10317
 
-  Follow-up to 57d2d9b6bed33d
-  Detected by Coverity CID 1517663
+- connect: fix strategy testing for attempts, timeouts and happy-eyeball
 
-  Closes #10100
+  - add test2600 as a unit test that triggers various connect conditions
+    and monitors behaviour, available in a debug build only.
 
-- ssl-reqd.d: clarify that this is for upgrading connections only
+  - this exposed edge cases in connect.c that have been fixed
 
-  Closes #10093
+  Closes #10312
 
-- curl_url_set.3: document CURLU_DISALLOW_USER
-
-  Closes #10099
+- cf-socket: improvements in socket I/O handling
 
-- cmake: set the soname on the shared library
+  - Curl_write_plain/Curl_read_plain have been eliminated. Last code use
+    now uses Curl_conn_send/recv so that requests use conn->send/revc
+    callbacks which defaults to cfilters use.
+  - Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c.
+  - USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved
+    into cf-socket.c. The pre_recv buffer is held at the socket filter
+    context.  `postponed_data` structures have been removed from
+    `connectdata`.
+  - the hanger in HTTP/2 request handling was a result of read buffering
+    on all sends and the multi handling is not prepared for this. The
+    following happens:
 
-  Set SONAME and VERSION for platforms we think this works on. Remove
-  issue from KNOWN_BUGS.
+     - multi preforms on a HTTP/2 easy handle
+     - h2 reads and processes data
+     - this leads to a send of h2 data
+     - which receives and buffers before the send
+     - h2 returns
+     - multi selects on the socket, but no data arrives (its in the buffer alre
+  ady)
+     the workaround now receives data in a loop as long as there is something i
+  n
+     the buffer. The real fix would be for multi to change, so that `data_pendi
+  ng`
+     is evaluated before deciding to wait on the socket.
 
-  Assisted-by: Jakub Zakrzewski
+  io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower
+  filter have pending data.
 
-  Closes #10023
+  This io_buffer is only available/used when the
+  -DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows
+  configurations. It also maintains the original checks on protocol
+  handler being HTTP and conn->send/recv not being replaced.
 
-- tool_paramhlp: free the proto strings on exit
+  The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds
+  out that the "lower" filter chain has still pending data at the end of
+  its IO operation. This prevents the processing from becoming stalled.
 
-  And also make sure that repeated use of the options free the previous
-  string before it stores a new.
+  Closes #10280
 
-  Follow-up from e6f8445edef8e7996d
+Daniel Stenberg (31 Jan 2023)
 
-  Closes #10098
+- openssl: only use CA_BLOB if verifying peer
 
-- tool_cfgable: free the ssl_ec_curves on exit
+  Reported-by: Paul Groke
+  Bug: https://curl.se/mail/lib-2023-01/0070.html
+  Fixes #10351
+  Closes #10359
 
-  Follow-up to ede125b7b
+Thomas1664 on github (31 Jan 2023)
 
-  Closes #10097
+- curl_free.3: fix return type of `curl_free`
 
-- urlapi: reject more bad letters from the host name: &+()
+  Fixes #10373
+  Closes #10374
 
-  Follow-up from eb0167ff7d31d3a5
+Daniel Stenberg (30 Jan 2023)
 
-  Extend test 1560 to verify
+- zuul: stop using this CI service
 
-  Closes #10096
+  The important jobs have already transitioned. The remaining ones we can
+  skip for now.
 
-- altsvc: fix rejection of negative port numbers
+  Closes #10368
 
-  Follow-up to ac612dfeee95
+- copyright: remove "m4/ax_compile_check_sizeof.m4" from skips
 
-  strtoul() accepts a leading minus so better make sure there is none
+  and report if skipped files do not exist.
 
-  Extended test 356 somewhat to use a huge negative 64 bit number that
-  otherwise becomes a low positive number.
+  Follow-up to 9e11c2791fb960758 which removed the file.
 
-  Closes #10095
+  Closes #10369
 
-- lib: use size_t or int etc instead of longs
+- ws: unstick connect-only shutdown
 
-  Since long is not using a consistent data size in curl builds, making it
-  often "waste" 32 bits.
+  As this mode uses blocking sockets, it must set them back to
+  non-blocking in disconnect to avoid the risk of getting stuck.
 
-  Closes #10088
+  Closes #10366
 
-- azure: use "unversioned" clang and clang-tools for scanbuild job
+- ws: remove bad assert
 
-  To make it less fragile
+  Reported-by: Stanley Wucw
+  Fixes #10347
+  Closes #10366
 
-  Closes #10092
+- openssl: adapt to boringssl's error code type
 
-Daniel Gustafsson (14 Dec 2022)
+  BoringSSL uses uint32_t, OpenSSL uses 'unsigned 'long'
 
-- x509asn1: avoid freeing unallocated pointers
+  Closes #10360
 
-  When utf8asn1str fails there is no allocation returned, so freeing
-  the return pointer in **to is at best a no-op and at worst a double-
-  free bug waiting to happen. The current coding isn't hiding any such
-  bugs but to future proof, avoid freeing the return value pointer iff
-  the function failed.
+- tool_operate: repair --rate
 
-  Closes: #10087
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Regression from a55256cfb242 (7.87.0)
+  Reported-by: highmtworks on github
+  Fixes #10357
+  Closes #10358
 
-Emil Engler (13 Dec 2022)
+- dict: URL decode the entire path always
 
-- curl_url_set.3: fix typo
+  Reported-by: dekerser on github
+  Fixes #10298
+  Closes #10354
 
-  Closes: #10089
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+Stefan Eissing (29 Jan 2023)
 
-Daniel Stenberg (13 Dec 2022)
+- vtls: do not null-check when we already assume cf-ctx exists
 
-- test2304: verify websocket handling when connection is closed
+  Fixes #10361
+  Closes #10362
 
-- server/sws: if asked to close connection, skip the websocket handling
+Daniel Stenberg (29 Jan 2023)
 
-- ws: if no connection is around, return error
+- RELEASE-NOTES: synced
 
-  - curl_ws_send returns CURLE_SEND_ERROR if data->conn is gone
+- CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
 
-  - curl_ws_recv returns CURLE_GOT_NOTHING on connection close
+  Reported-by: Brian Green
+  Fixes #10328
+  Closes #10355
 
-  - curl_ws_recv.3: mention new return code for connection close + example
-    embryo
+- copyright.pl: cease doing year verifications
 
-  Closes #10084
+  As we have (mostly) removed the copyright year ranges.
 
-Emil Engler (13 Dec 2022)
+  Reported-by: Ryan Schmidt
+  Fixes #10345
+  Closes #10352
 
-- docs: extend the dump-header documentation
+Dan Fandrich (28 Jan 2023)
 
-  This commit extends the documentation of the --dump-header command-line
-  option to reflect the behavior introduced in 8b1e5df7.
+- CI: Work around a labeler bug that removes labels
 
-  See #10079
-  Closes #10085
+Jay Satiro (26 Jan 2023)
 
-Daniel Stenberg (12 Dec 2022)
+- write-out.d: clarify Windows % symbol escaping
 
-- RELEASE-NOTES: synced
+  - Clarify that in Windows batch files the % must be escaped as %%, and
+    at the command prompt it cannot be escaped which could lead to
+    incorrect expansion.
 
-- styled-output.d: this option does not work on Windows
+  Prior to this change the doc implied % must be escaped as %% in win32
+  always.
 
-  Reported-by: u20221022 on github
+  ---
 
-  Fixes #10082
-  Closes #10083
+  Examples showing how a write-out argument is received by curl:
 
-Emil Engler (12 Dec 2022)
+  If curl --write-out "%{http_code}" is executed in a batch file:
+  {http_code}
 
-- tool: determine the correct fopen option for -D
+  If curl --write-out "%%{http_code}" is executed in a batch file:
+  %{http_code}
 
-  This commit fixes a bug in the dump-header feature regarding the
-  determination of the second fopen(3) option.
+  If curl --write-out "%{http_code}" is executed from the command prompt:
+  %{http_code}
 
-  Reported-by: u20221022 on github
+  If curl --write-out "%%{http_code}" is executed from the command prompt:
+  %%{http_code}
 
-  See #4753
-  See #4762
-  Fixes #10074
-  Closes #10079
+  At the command prompt something like "%{speed_download}%{http_code}"
+  would first be parsed by the command interpreter as %{speed_download}%
+  and would be expanded as environment variable {speed_download} if it
+  existed, though that's highly unlikely since Windows environment names
+  don't use braces.
 
-Christian Schmitz (11 Dec 2022)
+  ---
 
-- docs/curl_ws_send: Fixed typo in websocket docs
+  Reported-by: Muhammad Hussein Ammari
 
-  Replace as with is in relevant sentences.
+  Ref: https://github.com/bagder/everything-curl/pull/279
 
-  Closes: #10081
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+  Fixes https://github.com/curl/curl/issues/10323
+  Closes https://github.com/curl/curl/pull/10337
 
-Prithvi MK (11 Dec 2022)
+Ryan Schmidt (26 Jan 2023)
 
-- c-hyper: fix multi-request mechanism
+- connect: Fix build when not ENABLE_IPV6
 
-  It makes test 565 run fine.
+  Check for ENABLE_IPV6 before accessing AF_INET6. Fixes build failure
+  introduced in 1c5d8ac.
 
-  Fixes #8896
-  Closes #10080
-  Assisted-by: Daniel Stenberg
+  Closes https://github.com/curl/curl/pull/10344
 
-Andy Alt (11 Dec 2022)
+- cf-socket: Fix build when not HAVE_GETPEERNAME
 
-- page-header: grammar improvement (display transfer rate)
+  Remove remaining references to conn and sockfd, which were removed from
+  the function signature when conninfo_remote was renamed to
+  conn_set_primary_ip in 6a8d7ef.
 
-  Closes #10068
+  Closes https://github.com/curl/curl/pull/10343
 
-- docs/DEPRECATE.md: grammar improvement and sp correction
+Stefan Eissing (26 Jan 2023)
 
-  The main thing I wanted to do was fix the spelling of "spent", but I
-  think this rewording improves the flow of the paragraph.
+- vtls: Manage current easy handle in nested cfilter calls
 
-  Closes #10067
+  The previous implementation cleared `data` so the outer invocation lost
+  its data, which could lead to a crash.
 
-Boris Verkhovskiy (11 Dec 2022)
+  Bug: https://github.com/curl/curl/issues/10336
+  Reported-by: Fujii Hironori
 
-- tool_cfgable: make socks5_gssapi_nec a boolean
+  Closes https://github.com/curl/curl/pull/10340
 
-  Closes #10078
+Dan Fandrich (25 Jan 2023)
 
-Frank Gevaerts (9 Dec 2022)
+- CI: Add even more paths to the labeler config (#10326)
 
-- contributors.sh: actually use $CURLWWW instead of just setting it.
+- scripts: Fix Appveyor job detection in cijobs.pl
 
-  The script was all set up for flexibility where curl-www is elsewhere in
-  the filesystem, but then hard-coded ../curl-www anyway...
+  The reorganization in #9769 broke the script. This should probably be
+  rewritten to use a YAML parser for better upward compatibility.
 
-  Closes #10064
+- CI: Add a few more paths to the labeler config (#10326)
 
-Daniel Stenberg (9 Dec 2022)
+- CI: Switch the labeler event to pull_request_target
 
-- KNOWN_BUGS: remove items not considered bugs any more
+  Otherwise, the action won't work on PRs from forked repositories
+  (#10326).
 
-  - CURL_GLOBAL_SSL
+Viktor Szakats (25 Jan 2023)
 
-  This option was changed in libcurl 7.57.0 and clearly it has not caused
-  too many issues and a lot of time has passed.
+- cmake: delete redundant macro definition `SECURITY_WIN32`
 
-  - Store TLS context per transfer instead of per connection
+  Stop explicitly defining `SECURITY_WIN32` in CMake builds.
 
-  This is a possible future optimization. One that is much less important
-  and interesting since the added support for CA caching.
+  No other build systems define this macro, because it's unconditionally
+  defined in `lib/curl_sspi.h` already. This is the only curl source using
+  the `sspi.h` and `security.h` Win32 headers, and no other Win32 headers
+  need this macro.
 
-  - Microsoft telnet server
+  Reviewed-by: Jay Satiro
+  Closes #10341
 
-  This bug was filed in May 2007 against curl 7.16.1 and we have not
-  received further reports.
+Fredrik (24 Jan 2023)
 
-  - active FTP over a SOCKS
+- winbuild: document that arm64 is supported
 
-  Actually, proxies in general is not working with active FTP mode. This
-  is now added in proxy documentation.
+  Building an arm64 version works flawlessly with the VS arm64 toolset.
 
-  - DICT responses show the underlying protocol
+  Closes https://github.com/curl/curl/pull/10332
 
-  curl still does this, but since this is now an established behavior
-  since forever we cannot change it easily and adding an option for it
-  seems crazy as this protocol is not so little its not worth it. Let's
-  just live with it.
+Cherish98 (24 Jan 2023)
 
-  - Secure Transport disabling hostname validation also disables SNI
+- openssl: don't log raw record headers
 
-  This is an already documented restriction in Secure Transport.
+  - Skip content type SSL3_RT_HEADER in verbose TLS output.
 
-  - CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
+  This commit prevents bogus and misleading verbose TLS header messages as
+  discussed in #10299.
 
-  The curl_formadd() function is marked and documented as deprecated. No
-  point in collecting bugs for it. It should not be used further.
+  Assisted-by: Peter Wu
 
-  - STARTTRANSFER time is wrong for HTTP POSTs
+  Closes https://github.com/curl/curl/pull/10299
 
-  After close source code inspection I cannot see how this is true or that
-  there is any special treatment for different HTTP methods. We also have
-  not received many further reports on this, making me strongly suspect
-  that this is no (longer an) issue.
+Marc Aldorasi (24 Jan 2023)
 
-  - multipart formposts file name encoding
+- cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
 
-  The once proposed RFC 5987-encoding is since RFC 7578 documented as MUST
-  NOT be used. The since then implemented MIME API allows the user to set
-  the name on their own and can thus provide it encoded as it wants.
+  - Use list() instead of set() for CMAKE_REQUIRED_DEFINITIONS list since
+    the former is clearer.
 
-  - DoH is not used for all name resolves when enabled
+  Closes https://github.com/curl/curl/pull/10272
 
-  It is questionable if users actually want to use DoH for interface and
-  FTP port name resolving. This restriction is now documented and we
-  advice users against using name resolving at all for these functions.
+Dan Fandrich (23 Jan 2023)
 
-  Closes #10043
+- CI: Add a workflow to automatically label pull requests
 
-- CURLOPT_COOKIEFILE.3: advice => advise
+  The labeler language is quite restrictive right now so labels are added
+  quite conservatively, meaning that many PRs won't get labels when it's
+  "obvious" they should. It will still save some manual work on those
+  that it can label.
 
-  Closes #10063
+Jay Satiro (21 Jan 2023)
 
-  Reviewed-by: Daniel Gustafsson
+- system.h: assume OS400 is always built with ILEC compiler
 
-Daniel Gustafsson (9 Dec 2022)
+  Prior to this change the OS400 types were only defined when __ILEC400__.
+  That symbol is only defined by IBM's C compiler and not their C++
+  compiler, which led to missing types when users on OS400 would compile a
+  C++ application that included curl.
 
-- curl.h: reword comment to not use deprecated option
+  The IBM C and C++ compilers are the only native compilers on the
+  platform.
 
-  CURLOPT_INFILE was replaced by CURLOPT_READDATA in 7.9.7,  reword the
-  comment mentioning it to make code grepping easier as well as improve
-  the documentation.
+  Assisted-by: Jon Rumsey
+  Reported-by: John Sherrill
 
-  Closes: #10062
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Fixes https://github.com/curl/curl/issues/10305
+  Closes https://github.com/curl/curl/pull/10329
 
-Ryan Schmidt (9 Dec 2022)
+xgladius (20 Jan 2023)
 
-- system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
+- cmake: Remove deprecated symbols check
 
-  Change "__MWERKS__" to "macintosh". When this block was originally added
-  in 3ac6929 it was probably intended to handle classic Mac OS since the
-  previous classic Mac OS build procedure for curl (which was removed in
-  bf327a9) used Metrowerks CodeWarrior.
+  curl stopped use of CMAKE_USE_ as a prefix for its own build symbols in
+  2021 and added a check, meant to last 1 year, to fatally error on those
+  symbols. This commit removes that check.
 
-  But there are other classic Mac OS compilers, such as the MPW compilers,
-  that were not handled by this case. For classic Mac OS,
-  CURL_TYPEOF_CURL_SOCKLEN_T needs to match what's provided by the
-  third-party GUSI library, which does not vary by compiler.
+  Closes https://github.com/curl/curl/pull/10314
 
-  Meanwhile CodeWarrior works on platforms other than classic Mac OS, and
-  they may need different definitions. Separate blocks could be added
-  later for any of those platforms that curl doesn't already support.
+Dan Fandrich (20 Jan 2023)
 
-  Closes #10049
+- docs: POSTFIELDSIZE must be set to -1 with read function
 
-- vms: remove SIZEOF_SHORT
+  Reported-by: RanBarLavie on github
 
-  The rest of SIZEOF_SHORT was removed in d48dd15.
+  Closes #10313
 
-  See #9291
-  Closes #10061
+Stefan Eissing (20 Jan 2023)
 
-Daniel Gustafsson (8 Dec 2022)
+- vtls: fix hostname handling in filters
 
-- tool_formparse: avoid clobbering on function params
+  - Copy the hostname and dispname to ssl_connect_data.
 
-  While perfectly legal to do, clobbering function parameters and using
-  them as local variables is confusing at best and rarely improves code
-  readability.  Fix by using a local variable instead, no functionality
-  is changed.
+  Use a copy instead of referencing the `connectdata` instance since this
+  may get free'ed on connection reuse.
 
-  This also renames the parameter from data to mime_data since the term
-  data is (soft) reserved for the easy handle struct.
+  Reported-by: Stefan Talpalaru
+  Reported-by: sergio-nsk@users.noreply.github.com
 
-  Closes: #10046
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Fixes https://github.com/curl/curl/issues/10273
+  Fixes https://github.com/curl/curl/issues/10309
 
-- noproxy: guard against empty hostnames in noproxy check
+  Closes https://github.com/curl/curl/pull/10310
 
-  When checking for a noproxy setting we need to ensure that we get
-  a hostname passed in. If there is no hostname then there cannot be
-  a matching noproxy rule for it by definition.
+Sergey Bronnikov (17 Jan 2023)
 
-  Closes: #10057
-  Reported-by: Geeknik Labs
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+- lib: fix typos
 
-Daniel Stenberg (8 Dec 2022)
+  Closes https://github.com/curl/curl/pull/10307
 
-- c-hyper: CONNECT respones are not server responses
+- curl_version_info.3: fix typo
 
-  Together with d31915a8dbbd it makes test 265 run fine.
+  Closes https://github.com/curl/curl/pull/10306
 
-  Fixes #8853
-  Assisted-by: Prithvi MK
-  Assisted-by: Sean McArthur
-  Closes #10060
+Jay Satiro (17 Jan 2023)
 
-- test265: Use "connection: keep-alive" response header
+- openssl: Don't ignore CA paths when using Windows CA store (redux)
 
-  When it answers as HTTP/1.0, so that clients (hyper) knows properly that
-  the connection remains intact.
+  .. and remove 'experimental' designation from CURLSSLOPT_NATIVE_CA.
 
-- RELEASE-NOTES: synced
+  This commit restores the behavior of CURLSSLOPT_NATIVE_CA so that it
+  does not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded
+  default locations. Instead the native Windows CA store can be used at
+  the same time.
 
-Stefan Eissing (8 Dec 2022)
+  ---
 
-- cfilter: improve SSL connection checks
+  This behavior was originally added over two years ago in abbc5d60
+  (#5585) but then 83393b1a (#7892) broke it over a year ago, I assume
+  inadvertently.
 
-  - fixes `Curl_ssl_cf_get_ssl()` to detect also the first filter instance
-    as ssl (refs #10053)
+  The CURLSSLOPT_NATIVE_CA feature was marked experimental and likely
+  rarely used.
 
-  - replaces `Curl_ssl_use()` with the correct `Curl_conn_is_ssl()`
+  Ref: https://github.com/curl/curl/pull/5585
+  Ref: https://github.com/curl/curl/pull/7892
+  Ref: https://curl.se/mail/lib-2023-01/0019.html
 
-  Closes #10054
-  Fixes #10053
+  Closes https://github.com/curl/curl/pull/10244
 
-  Reported-by: Patrick Monnerat
+Daniel Stenberg (13 Jan 2023)
 
-Daniel Stenberg (8 Dec 2022)
+- RELEASE-NOTES: synced
 
-- runtests: silence nghttpx errors
+- ws: fix autoping handling
 
-  Also, move the output of the nghttpx_h3 info to the general "Env:" line
-  in the test output header.
+  Reported-by: Alexey Savchuk
+  Fixes #10289
+  Closes #10294
 
-  Reported-by: Marcel Raad
-  Ref: https://github.com/curl/curl/commit/ca15b7512e8d1199e55fbaa206ef01e64b8f
-  147d#commitcomment-92015094
-  Closes #10044
+- curl_log: avoid printf() format checking with mingw
 
-Ryan Schmidt (7 Dec 2022)
+  Since it does not seem to like %zu and more
 
-- config-mac: define HAVE_SYS_IOCTL_H
+  Follow-up to db91dbbf2
 
-  This is needed to compile nonblock.c on classic Mac OS with Grand
-  Unified Socket Interface (GUSI) because nonblock.c uses FIONBIO which is
-  defined in <sys/filio.h> which is included by <sys/ioctl.h>.
+  Fixes #10291
+  Closes #10292
 
-  Ref: https://sourceforge.net/projects/gusi/
+- tool_getparam: fix compiler warning when !HAVE_WRITABLE_ARGV
 
-  Closes https://github.com/curl/curl/pull/10042
+  Follow-up to 2ed0e1f70ee176edf3d2
 
-Philip Heiduck (7 Dec 2022)
+  Closes #10286
 
-- CI: Change FreeBSD image from 12.3 to 12.4
+Stefan Eissing (12 Jan 2023)
 
-  Ref: https://www.phoronix.com/news/FreeBSD-12.4-Released
+- openssl: make the BIO_METHOD a local variable in the connection filter
 
-  Closes https://github.com/curl/curl/pull/10051
+  This avoids UAF issues when `curl_global_cleanup()` is called before all
+  transfers have been completely handled. Unfortunately this seems to be a
+  more common pattern than we like.
 
-Ryan Schmidt (7 Dec 2022)
+  Closes #10285
 
-- test1421: fix typo
+Daniel Stenberg (12 Jan 2023)
 
-  Closes https://github.com/curl/curl/pull/10055
+- curl: output warning at --verbose output for debug-enabled version
 
-Jay Satiro (7 Dec 2022)
+  + a libcurl warning in the debug output
 
-- build: assume errno.h is always available
+  Assisted-by: Jay Satiro
 
-  - Remove errno.h detection from all build configurations.
+  Ref: https://curl.se/mail/lib-2023-01/0039.html
+  Closes #10278
 
-  errno.h is a standard header according to C89.
+- src: add --http3-only
 
-  Closes https://github.com/curl/curl/pull/9986
+  Warning: --http3 and --http3-only are subject to change again (or be
+  removed) before HTTP/3 support goes non-experimental.
 
-- build: assume assert.h is always available
+  Closes #10264
 
-  - Remove assert.h detection from all build configurations.
+- curl.h: add CURL_HTTP_VERSION_3ONLY
 
-  assert.h is a standard header according to C89.
+  As the previous CURL_HTTP_VERSION_3 option gets a slightly altered meaning.
 
-  I had proposed this several years ago as part of a larger change that
-  was abandoned.
+  Closes #10264
 
-  Ref: https://github.com/curl/curl/issues/1237#issuecomment-277500720
+- connect: fix access of pointer before NULL check
 
-  Closes https://github.com/curl/curl/pull/9985
+  Detected by Coverity CID 1518992
 
-Philip Heiduck (7 Dec 2022)
+  Closes #10284
 
-- CI: LGTM.com will be shut down in December 2022
+Daniel Gustafsson (12 Jan 2023)
 
-  Closes #10052
+- easyoptions: Fix header printing in generation script
 
-Daniel Stenberg (6 Dec 2022)
+  The optiontable.pl script prints the header comment when generating
+  easyoptions.c, but it wasn't escaping all characters which jumbled the
+  curl ascii logo.  Fix by escaping.
 
-- mailmap: Andy Alt
+  Cloes #10275
 
-Andy Alt (6 Dec 2022)
+Harry Sintonen (12 Jan 2023)
 
-- misc: Fix incorrect spelling
+- tool_getparam: fix hiding of command line secrets
 
-  Fix various uses of connnect by replacing them with connect.
+  Closes #10276
 
-  Closes: #10045
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+Stefan Eissing (12 Jan 2023)
 
-Stefan Eissing (6 Dec 2022)
+- tests: document the cfilter debug logging options
 
-- wolfssl: remove special BIO return code handling
+  Closes #10283
 
-  - rely solely on the retry flag in BIO, similar to OpenSSL vtls
-    implementation.
+- curl_log: for failf/infof and debug logging implementations
 
-  Ref: https://github.com/curl/curl/pull/10021#issuecomment-1336147053
+   - new functions and macros for cfilter debugging
+   - set CURL_DEBUG with names of cfilters where debug logging should be
+     enabled
+   - use GNUC __attribute__ to enable printf format checks during compile
 
-  Closes #10033
+  Closes #10271
 
-Daniel Stenberg (6 Dec 2022)
+Daniel Stenberg (10 Jan 2023)
 
-- openssl: return -1 on error in the BIO callbacks
+- RELEASE-NOTES: synced
 
-  BIO_read and BIO_write return negative numbers on error, including
-  retryable ones. A regression from 55807e6. Both branches should be
-  returning -1.
+Nick Banks (10 Jan 2023)
 
-  The APIs are patterned after POSIX read and write which, similarly,
-  return -1 on errors, not zero, with EAGAIN treated as an error.
+- msh3: update to v0.6
 
-  Bug: https://github.com/curl/curl/issues/10013#issuecomment-1335308146
-  Reported-by: David Benjamin
-  Closes #10021
+  Closes #10192
 
-Ryan Schmidt (6 Dec 2022)
+Stefan Eissing (10 Jan 2023)
 
-- config-mac: remove HAVE_SYS_SELECT_H
+- ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
 
-  When compiling for classic Mac OS with GUSI, there is no sys/select.h.
-  GUSI provides the "select" function prototype in sys/time.h.
+  Using common method for SSL_CTX initialization of verfiy peer and CA
+  settings. This also provides X509_STORE sharing to become available for
+  ngtcp2+openssl HTTP/3.
 
-  Closes #10039
+  Reported-by: violetlige on github
 
-- setup: do not require __MRC__ defined for Mac OS 9 builds
+  Fixes #10222
+  Closes #10239
 
-  Partially reverts "somewhat protect Mac OS X users from using Mac OS 9
-  config file", commit 62519bfe059251af2914199f284c736553ff0489.
+Daniel Stenberg (10 Jan 2023)
 
-  Do things that are specific to classic Mac OS (i.e. include config-mac.h
-  in curl_setup.h and rename "main" to "curl_main" in tool_setup.h) when
-  only "macintosh" is defined. Remove the additional condition that
-  "__MRC__" should be defined since that would only be true with the MPW
-  MrC compiler which prevents the use of other reasonable compilers like
-  the MPW SC compiler and especially the Metrowerks CodeWarrior compilers.
-  "macintosh" is only defined by classic Mac OS compilers so this change
-  should not affect users of Mac OS X / OS X / macOS / any other OS.
+- cf-socket: make infof() call use %zu for size_t output
 
-  Closes #10037
+  Detected by Coverity CID 1518986 and CID 1518984
 
-- curl.h: name all public function parameters
+  Closes #10268
 
-  Most public function parameters already have names; this adds those
-  that were missing.
+Jon Rumsey (10 Jan 2023)
 
-  Closes #10036
+- os400: fixes to make-lib.sh and initscript.sh
 
-Andy Alt (6 Dec 2022)
+  Adjust how exports list is generated from header files to account for
+  declarations across multiple lines and CURL_DEPRECATED(...) tags.
 
-- docs/examples: spell correction ('Retrieve')
+  Update initscript.sh
 
-  Closes #10040
+  Specify qadrt_use_inline to prevent unistd.h in ASCII runtime defining
+  close(a) -> close_a(a)
 
-Daniel Stenberg (6 Dec 2022)
+  Fixes #10266
+  Closes #10267
 
-- unit1302: slightly extended
+Stefan Eissing (9 Jan 2023)
 
-  To test more base64 decoding
+- tests-httpd: basic infra to run curl against an apache httpd plus nghttpx for
+   h3
 
-- base64: faster base64 decoding
+  - adding '--with-test-httpd=<path>' to configure non-standard apache2
+    install
+  - python env and base classes for running httpd
+  - basic tests for connectivity with h1/h2/h3
+  - adding test cases for truncated responses in http versions.
+  - adding goaway test for HTTP/3.
+  - adding "stuttering" tests with parallel downloads in chunks with
+    varying delays between chunks.
 
-  - by using a lookup table instead of strchr()
-  - by doing full quantums first, then padding
+  - adding a curltest module to the httpd server, adding GOAWAY test.
+      - mod_curltest now installs 2 handlers
+        - 'echo': writing as response body what came as request body
+        - 'tweak': with query parameters to tweak response behaviour
+  - marked known fails as skip for now
 
-  Closes #10032
+  Closes #10175
 
-Michael Musset (6 Dec 2022)
+- quic: improve connect error message, debugging info, fix false connect report
 
-- libssh2: return error when ssh_hostkeyfunc returns error
+  - ECONNECTREFUSED has not its own fail message in quic filters
+  - Debug logging in connect eyballing improved
+  - Fix bug in ngtcp2/quiche that could lead to false success reporting.
 
-  return CURLE_PEER_FAILED_VERIFICATION if verification with the callback
-  return a result different than CURLKHMATCH_OK
+  Reported-by: Divy Le Ray
 
-  Closes #10034
+  Fixes #10245
+  Closes #10248
 
-Viktor Szakats (5 Dec 2022)
+- quiche: fix build without any HTTP/2 implementation
 
-- Makefile.mk: improve a GNU Make hack [ci skip]
+  Fixes #10260
+  Closes #10263
 
-  Replace the hack of using `$() ` to represent a single space. The new
-  method silences the `--warn-undefined-variables` debug warning and it's
-  also a better-known form of solving this problem.
+Daniel Stenberg (9 Jan 2023)
 
-  Reviewed-by: Jay Satiro
-  Closes #10031
+- .github/workflows/linux.yml: add a quiche CI job
 
-Daniel Stenberg (5 Dec 2022)
+  Move over from zuul
 
-- tests/unit/.gitignore: ignore all unit + 4 digits files
+  Closes #10241
 
-- base64: encode without using snprintf
+- curl.h: allow up to 10M buffer size
 
-  For speed. In some tests, this approch is 29 times faster!
+  Bump the limit from 512K. There might be reasons for applications using
+  h3 to set larger buffers and there is no strong reason for curl to have
+  a very small maximum.
 
-  Closes #10026
+  Ref: https://curl.se/mail/lib-2023-01/0026.html
 
-- base64: better alloc size
+  Closes #10256
 
-  The previous algorithm allocated more bytes than necessary.
+Tatsuhiro Tsujikawa (8 Jan 2023)
 
-  Suggested-by: xtonik on github
-  Fixes #10024
-  Closes #10025
+- GHA: use designated ngtcp2 and its dependencies versions
 
-Ryan Schmidt (5 Dec 2022)
+  Designate ngtcp2 and its dependency versions so that the CI build does
+  not fail without our control.
 
-- config-mac: fix typo: size_T -> size_t
+  Closes #10257
 
-  Both MPW and CodeWarrior compilers complained about this.
+Daniel Stenberg (8 Jan 2023)
 
-  Closes #10029
+- docs/cmdline-opts/hsts.d: explain hsts more
 
-Daniel Stenberg (3 Dec 2022)
+  Closes #10258
 
-- RELEASE-NOTES: synced
+Stefan Eissing (8 Jan 2023)
 
-Jakub Zakrzewski (2 Dec 2022)
+- msh3: run again in its cfilter
 
-- CMake: fix build with `CURL_USE_GSSAPI`
+  - test 2500, single GET works
+  - test 2501, single POST stalls
+  - test 2502, multiple, sequential GETs each use a new connection since
+    MsH3ConnectionGetState(qconn) no longer reports CONNECTED after one
+    GET.
 
-  CMAKE_*_LINKER_FLAGS must be a string but GSS_LINKER_FLAGS is a list, so
-  we need to replace semicolons with spaces when setting those.
+  Closes #10204
 
-  Fixes #9017
-  Closes #1022
+Jay Satiro (8 Jan 2023)
 
-Max Dymond (2 Dec 2022)
+- sendf: fix build for Linux TCP fastopen
 
-- ci: Reuse fuzzing snippet from curl-fuzzer project
+  - Fix the remote addr struct dereference.
 
-Diogo Teles Sant'Anna (2 Dec 2022)
+  - Include cf-socket.h in urldata.h.
 
-- GHA: clarify workflows permissions, set least possible privilege
+  Follow-up to 6a8d7ef9 which changed conn->ipaddr (Curl_addrinfo* )
+  member to conn->remote_addr (Curl_sockaddr_ex *) several days ago.
 
-  Set top-level permissions to None on all workflows, setting per-job
-  permissions. This avoids that new jobs inherit unwanted permissions.
+  Reported-by: Stephan Guilloux
 
-  Discussion: https://curl.se/mail/lib-2022-11/0028.html
+  Fixes https://github.com/curl/curl/issues/10249
+  Closes https://github.com/curl/curl/pull/10250
 
-  Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
+Daniel Stenberg (7 Jan 2023)
 
-  Closes #9928
+- RELEASE-NOTES: synced
 
-Viktor Szakats (2 Dec 2022)
+- setopt: move the SHA256 opt within #ifdef libssh2
 
-- Makefile.mk: address minor issues
+  Because only the libssh2 backend not supports it and thus this should
+  return error if this option is used other backends.
 
-  - Fix `NROFF` auto-detection with certain shell/make-build combinations:
+  Reported-by: Harry Sintonen
 
-    When a non-MSYS2 GNU Make runs inside an MSYS2 shell, Make executes
-    the detection command as-is via `CreateProcess()`. It fails because
-    `command` is an `sh` built-in. Ensure to explicitly invoke the shell.
+  Closes #10255
 
-  - Initialize user-customizable variables:
+Patrick Monnerat (7 Jan 2023)
 
-    Silences a list of warnings when running GNU Make with the option
-    `--warn-undefined-variables`. Another benefit is that it's now easy
-    to look up all user-customizable `Makefile.mk` variables by grepping
-    for ` ?=` in the curl source tree.
+- nss: implement data_pending method
 
-    Suggested-by: Gisle Vanem
-    Ref: https://github.com/curl/curl/pull/9764#issuecomment-1330674433
+  NSS currently uses the default Curl_none_data_pending() method which
+  always returns false, causing TLS buffered input data to be missed.
 
-  - Fix `MKDIR` invocation:
+  The current commit implements the nss_data_pending() method that properly
+  monitors the presence of available TLS data.
 
-    Avoid a warning and potential issue in envs without forward-slash
-    support.
+  Ref:#10077
 
-  Closes #10000
+  Closes #10225
 
-Rob de Wit (2 Dec 2022)
+Jay Satiro (6 Jan 2023)
 
-- curl_get_line: allow last line without newline char
+- CURLOPT_HEADERDATA.3: warn DLL users must set write function
 
-  improve backwards compatibility
+  - Warn that in Windows if libcurl is running from a DLL and if
+    CURLOPT_HEADERDATA is set then CURLOPT_WRITEFUNCTION or
+    CURLOPT_HEADERFUNCTION must be set as well, otherwise the user may
+    experience crashes.
 
-  Test 3200 verifies
+  We already have a similar warning in CURLOPT_WRITEDATA. Basically, in
+  Windows libcurl could crash writing a FILE pointer that was created by
+  a different C runtime. In Windows each DLL that is part of a program may
+  or may not have its own C runtime.
 
-  Closes #9973
+  Ref: https://github.com/curl/curl/issues/10231
 
-Daniel Stenberg (2 Dec 2022)
+  Closes https://github.com/curl/curl/pull/10233
 
-- cookie: open cookie jar as a binary file
+Jon Rumsey (5 Jan 2023)
 
-  On Windows there is a difference and for text files, ^Z means end of
-  file which is not desirable.
+- x509asn1: fix compile errors and warnings
 
-  Ref: #9973
-  Closes #10017
+  Various small issues when built for GSKit
 
-- runtests: only do CRLF replacements for hyper if it is HTTP
+  Closes #10238
 
-  Closes #10016
+Patrick Monnerat (5 Jan 2023)
 
-Stefan Eissing (1 Dec 2022)
+- runtests: fix detection of TLS backends
 
-- openssl: fix for BoringSSL BIO result interpretation mixups
+  Built-in TLS backends are detected at test time by scanning for their
+  names in the version string line returned by the cli tool: as this line
+  may also list the libssh configuration that mentions its own backend,
+  the curl backend may be wrongly determined.
 
-  Reported-by: Robin Marx
-  Fixes #10013
-  Closes #10015
+  In example, if the version line contains "libssh/0.10.4/openssl/zlib",
+  OpenSSL is detected as a curl-configured backend even if not.
 
-Max Dymond (1 Dec 2022)
+  This fix requires the backend names to appear as full words preceded by
+  spacing in the version line to be recognized as curl TLS backends.
 
-- ci: Remove zuul fuzzing job as it's superseded by CIFuzz
+  Closes #10236
 
-Daniel Stenberg (1 Dec 2022)
+Andy Alt (5 Jan 2023)
 
-- runtests: do CRLF replacements per section only
+- GHA: add job on Slackware 15.0
 
-  The `crlf="yes"` attribute and "hyper mode" are now only applied on a
-  subset of dedicated sections: data, datacheck, stdout and protocol.
+  Closes #10230
 
-  Updated test 2500 accordingly.
+Daniel Stenberg (5 Jan 2023)
 
-  Also made test1 use crlf="yes" for <protocol>, mostly because it is
-  often used as a template test case. Going forward, using this attribute
-  we should be able to write test cases using linefeeds only and avoid
-  mixed line ending encodings.
+- test363: make even smaller writes to loop more
 
-  Follow-up to ca15b7512e8d11
+- http_proxy: do not assign data->req.p.http use local copy
 
-  Fixes #10009
-  Closes #10010
+  Avoid the tricky reusing of the data->req.p.http pointer for http proxy
+  tunneling.
 
-Stefan Eissing (1 Dec 2022)
+  Fixes #10194
+  Closes #10234
 
-- gnutls: use common gnutls init and verify code for ngtcp2
+Stefan Eissing (5 Jan 2023)
 
-  Closes #10007
+- quic: rename vquic implementations, fix for quiche build.
 
-Baitinq on github (1 Dec 2022)
+  - quiche in debug mode did not build, fixed.
+  - moved all vquic implementation files to prefix curl_* to avoid
+    the potential mixups between provided .h files and our own.
+  - quich passes test 2500 and 2502. 2501, the POST, fail with
+    the body being rejected. Quich bug?
 
-- aws_sigv4: fix typos in aws_sigv4.c
+  Closes #10242
 
-  Closes #10008
+- sectransp: fix for incomplete read/writes
 
-Kenneth Myhra (30 Nov 2022)
+  SecureTransport expects result code errSSLWouldBlock when the requested
+  length could not be sent/recieved in full. The previous code returned
+  noErr, which let SecureTransport to believe that the IO had terminated
+  prematurely.
 
-- curl.h: include <sys/select.h> on SerenityOS
+  Fixes #10227
+  Closes #10235
 
-  Closes #10006
+Andy Alt (5 Jan 2023)
 
-Daniel Stenberg (30 Nov 2022)
+- GHA: Hacktoberfest CI: Update deprecated 'set-output' command
 
-- openssl: prefix errors with '[lib]/[version]: '
+  Closes #10221
 
-  To help users understand where this (cryptic) error message comes from.
+Jay Satiro (5 Jan 2023)
 
-  Suggested-by: Philip Sanetra
-  Ref: #10002
-  Closes #10004
+- scripts: set file mode +x on all perl and shell scripts
 
-Stefan Eissing (30 Nov 2022)
+  - Set all scripts +x, ie 644 => 755.
 
-- tests: add HTTP/3 test case, custom location for proper nghttpx
+  Prior to this change some scripts were not executable and therefore
+  could not be called directly.
 
-  - adding support for HTTP/3 test cases via a nghttpx server that is
-    build with ngtcp2 and nghttp3.
-  - test2500 is the first test case, performing a simple GET.
-  - nghttpx is checked for support and the 'feature' nghttpx-h3
-    is set accordingly. test2500 will only run, when supported.
-  - a specific nghttpx location can be given in the environment
-    variable NGHTTPX or via the configure option
-      --with-test-nghttpx=<path>
+  ~~~
+  git ls-files -s \*.{sh,pl,py} | grep -v 100755
+  ~~~
 
-  Extend NGHTTPX config to H2 tests as well
+  Closes https://github.com/curl/curl/pull/10219
 
-  * use $ENV{NGHTTPX} and the configured default also in http2 server starts
-  * always provide the empty test/nghttpx.conf to nghttpx. as it defaults to
-    reading /etc/nghttpx/nghttpx.conf otherwise.
+Stefan Eissing (4 Jan 2023)
 
-  Added nghttpx to CI ngtcp2 jobs to run h3 tests.
+- tool_operate: fix headerfile writing
 
-  Closes #9031
+  Do not rely on the first transfer started to be the first to get a
+  response (remember -Z). All transfers now write the headefile (-D) in
+  append mode, making sure that the order of transfer responses does not
+  lead to overwrites of previous data.
 
-Daniel Stenberg (30 Nov 2022)
+  Closes #10224
 
-- RELEASE-NOTES: synced
+Daniel Stenberg (4 Jan 2023)
 
-  Removed duplicate after contributors.sh fix: 9967c10b6daa1
+- misc: reduce struct and struct field sizes
 
-- scripts/contributors.sh: strip one OR MORE leading spaces
+  - by using BIT() instead of bool
+  - imap: shrink struct
+  - ftp: make state 'unsigned char'
+  - ftp: sort ftp_conn struct entries on size
+  - urldata: use smaller fields for SSL version info storage
+  - pop3: reduce the pop3_conn struct size
+  - smtp: reduce the size of the smtp structs
 
-  From names found credited in commit logs
+  Closes #10186
 
-- RELEASE-NOTES: synced
+- noproxy: support for space-separated names is deprecated
 
-- openssl/mbedtls: use %d for outputing port with failf (int)
+  To be removed in July 2024.
 
-  Coverity CID 1517100
+  Assisted-by: Michael Osipov
+  Fixes #10209
+  Closes #10215
 
-  Also, remove some int typecasts in vtls.c for the port number
+Andrei Rybak (4 Jan 2023)
 
-  Closes #10001
+- lib: fix typos in comments which repeat a word
 
-- KNOWN_BUGS: remove "Multi perform hangs waiting for threaded resolver"
+  Remove erroneously duplicated words in code comments of files
+  `lib.connect.c` and `lib/url.c`.
 
-  We now offer a way to avoid that hang, using CURLOPT_QUICK_EXIT.
+  Closes #10220
 
-  Follow-up to 49798cac832ab1 fixed via #9147
+Radek Brich (3 Jan 2023)
 
-  Closes #9999
+- cmake: set SOVERSION also for macOS
 
-- KNOWN_BUGS: remove "--interface for ipv6 binds to unusable IP address"
+  Closes #10214
 
-  Since years back the "if2ip" function verifies that it binds to a local IPv6
-  address that uses the same scope as the remote address.
+Jay Satiro (3 Jan 2023)
 
-  This is not a bug.
+- http2: fix compiler warning due to uninitialized variable
 
-  Fixes #686
-  Closes #9998
+  Prior to this change http2_cfilter_add could return an uninitialized
+  cfilter pointer in an OOM condition. In this case though, the pointer
+  is discarded and not dereferenced so there was no risk of a crash.
 
-- test1276: verify lib/optiontable.pl
+Stefan Eissing (3 Jan 2023)
 
-  Checks that it generates an output identical to the file.
+- cf-socket: keep sockaddr local in the socket filters
 
-- lib/optiontable.pl: adapt to CURLOPTDEPRECATED()
+  - copy `struct Curl_addrinfo` on filter setup into context
+  - remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in
+    connectdata that is set and NULLed by the socket filter
+  - this means we have no reference to the resolver info in connectdata or
+    its filters
+  - trigger the CF_CTRL_CONN_INFO_UPDATE event when the complete filter
+    chain reaches connected status
+  - update easy handle connection information on CF_CTRL_DATA_SETUP event.
 
-  Follow-up from 6967571bf20624bc
+  Closes #10213
 
-  Reported-by: Gisle Vanem
+Daniel Stenberg (3 Jan 2023)
 
-  Fixes #9992
-  Closes #9993
+- RELEASE-NOTES: synced
 
-- docs/INSTALL.md: list OSes and CPUs quoted
+- runtests: consider warnings fatal and error on them
 
-  to make them skip spellcheck. Also added a new CPU.
+  To help us detect and fix warnings in this script easier and faster.
 
-  Follow-up to 4506cbf7f24a2a
+  Assisted-by: Jakob Hirsch
 
-  Closes #9997
+  Ref: #10206
+  Closes #10208
 
-Ikko Ashimine (28 Nov 2022)
+- copyright: update all copyright lines and remove year ranges
 
-- vtls: fix typo in vtls_int.h
+  - they are mostly pointless in all major jurisdictions
+  - many big corporations and projects already don't use them
+  - saves us from pointless churn
+  - git keeps history for us
+  - the year range is kept in COPYING
 
-  paramter -> parameter
+  checksrc is updated to allow non-year using copyright statements
 
-  Closes: #9996
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+  Closes #10205
 
-Daniel Stenberg (28 Nov 2022)
+- docs/DEPRECATE.md: deprecate gskit
 
-- curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
+  Ref: #10163
 
-  As OpenSSL's include files are all included using <openssl/*.h> in curl
-  source code, we just risk that existing openssl files will "shadow"
-  include files without path if that path is provided.
+  - This is a niche TLS library, only running on some IBM systems
+  - no regular curl contributors use this backend
+  - no CI builds use or verify this backend
+  - gskit, or the curl adaption for it, lacks many modern TLS features
+    making it an inferior solution
+  - build breakages in this code take weeks or more to get detected
+  - fixing gskit code is mostly done "flying blind"
 
-  Fixes #9989
-  Closes #9988
+  Closes #10201
 
-- INSTALL: update operating systems and CPU archs
+- Revert "x509asn1: avoid freeing unallocated pointers"
 
-  Update after recent runs on Twitter/Mastodon and my blog
+  This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab.
 
-  Closes #9994
+  Fixes #10163
+  Closes #10207
 
-Stefan Eissing (28 Nov 2022)
+- ngtcp2: fix the build without 'sendmsg'
 
-- tls: backends use connection filters for IO, enabling HTTPS-proxy
+  Follow-up from 71b7e0161032
 
-   - OpenSSL (and compatible)
-   - BearSSL
-   - gnutls
-   - mbedtls
-   - rustls
-   - schannel
-   - secure-transport
-   - wolfSSL (v5.0.0 and newer)
+  Closes #10210
 
-   This leaves only the following without HTTPS-proxy support:
-   - gskit
-   - nss
-   - wolfSSL (versions earlier than v5.0.0)
+- cmake: check for sendmsg
 
-  Closes #9962
+  Used by ngtcp2
 
-Daniel Stenberg (28 Nov 2022)
+  Closes #10211
 
-- include/curl/curl.h: bump the deprecated requirements to gcc 6.1
+Timmy Schierling (2 Jan 2023)
 
-  Reported-by: Michael Kaufmann
-  Fixes #9917
-  Closes #9987
+- runtest.pl: add expected fourth return value
 
-Patrick Monnerat (28 Nov 2022)
+  Fixes warning in autobild log: "Use of uninitialized value $HTTP2TLSPORT
+  in substitution iterator at /tests/runtests.pl line 3516"
 
-- mime: relax easy/mime structures binding
+  Closes #10206
 
-  Deprecation and removal of codeset conversion support from the library
-  have released the strict need for an early binding of mime structures to
-  an easy handle (https://github.com/curl/curl/commit/2610142).
+Daniel Stenberg (2 Jan 2023)
 
-  This constraint currently forces to create the handle before the mime
-  structure and the latter cannot be attached to another handle once
-  created (see https://curl.se/mail/lib-2022-08/0027.html).
+- http2: when using printf %.*s, the length arg must be 'int'
 
-  This commit removes the handle pointers from the mime structures
-  allowing more flexibility on their use.
+  Detected by Coverity CID 1518341
 
-  When an easy handle is duplicated, bound mime structures must however
-  still be duplicated too as their components hold send-time dynamic
-  information.
+  Closes #10203
 
-  Closes #9927
+- cfilters: check for NULL before using pointer
 
-fractal-access (26 Nov 2022)
+  Detected by Coverity CID 1518343
 
-- test416: verify growing FTP file support
+  Closes #10202
 
-  Added setting: RETRSIZE [size] in the <servercmd> section. When set this
-  will cause the test FTP server to return the size set (rather than the
-  actual size) in the acknowledgement from a RETR request.
+- http2: in connisdead check, attach the connection before reading
 
-  Closes #9772
+  Otherwise data->conn is NULL and things go wrong.
 
-- ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
+  This problem caused occastional failures in test 359, 1700 and more
+  depending on timing and the alignment of various planets.
 
-  When using the option CURLOPT_IGNORE_CONTENT_LENGTH (set.ignorecl in
-  code) to support growing files in FTP, the code should ignore the
-  initial size it gets from the server as this will not be the final size
-  of the file. This is done in ftp_state_quote() to prevent a size request
-  being issued in the initial sequence. However, in a later call to
-  ftp_state_get_resp() the code attempts to get the size of the content
-  again if it doesn't already have it, by parsing the response from the
-  RETR request. This fix prevents this parsing of the response to get the
-  size when the set.ignorecl option is set. This should maintain the size
-  value as -1, unknown, in this situation.
+  Assisted-by: Stefan Eissing
 
-  Closes #9772
+  Closes #10199
 
-Stefan Eissing (26 Nov 2022)
+Philip Heiduck (2 Jan 2023)
 
-- cfilter: re-add `conn` as parameter to cfilter setup methods
+- Linux CI: update some dependecies to latest tag
 
-  - `Curl_ssl_get_config()` now returns the first config if no SSL proxy
-    filter is active
+  Closes #10195
 
-  - socket filter starts connection only on first invocation of its
-    connect method
+Daniel Stenberg (2 Jan 2023)
 
-  Fixes #9982
-  Closes #9983
+- c-hyper: move down the Accept-Encoding header generation
 
-Daniel Stenberg (26 Nov 2022)
+  To match the internal HTTP request header order so that test 1277 works
+  again.
 
-- KNOWN_BUGS: remove five FTP related issues
+  Closes #10200
 
-  - "FTP with CONNECT and slow server"
+- release-notes.pl: check fixes/closes lines better
 
-  I believe this is not a problem these days.
+  To better skip lines that just happen to mention those words at the
+  start of a line without being instructions.
 
-  - "FTP with NULs in URL parts"
+- test1560: use a UTF8-using locale when run
 
-  The FTP protocol does not support them properly anyway.
+  There are odd cases that don't use UTF8 and then the IDN handling goes
+  wrong.
 
-  - remove "FTP and empty path parts in the URL"
+  Reported-by: Marcel Raad
+  Fixes #10193
+  Closes #10196
 
-  I don't think this has ever been reported as a real problem but was only
-  a hypothetical one.
+- cf-socket: fix build regression
 
-  - "Premature transfer end but healthy control channel"
+  Reported-by: Stephan Guilloux
+  Fixes #10190
+  Closes #10191
 
-  This is not a bug, this is an optimization that *could* be performed but is
-  not an actual problem.
+- examples: remove the curlgtk.c example
 
-  - "FTP without or slow 220 response"
+  - it does not add a lot of value
+  - we do not test-build it to verify because of its dependencies
+  - unclear for what GTK versions it works or not
 
-  Instead add to the documentation of the connect timeout that the
-  connection is considered complete at TCP/TLS/QUIC layer.
+  Reported-by: odek86 on github
 
-  Closes #9979
+  Fixes #10197
+  Closes #10198
 
-Stefan Eissing (26 Nov 2022)
+Andy Alt (2 Jan 2023)
 
-- tests: add authorityInfoAccess to generated certs
+- docs: add link to GitHub Discussions
 
-  Generate stunnel.pem as well
+  Closes #10171
 
-  Closes #9980
+- GHA: ignore changes to md files for most workflows
 
-Daniel Stenberg (25 Nov 2022)
+  Closes #10176
 
-- runtests: --no-debuginfod now disables DEBUGINFOD_URLS
+Josh Brobst (2 Jan 2023)
 
-  Prior to this change, DEBUGINFOD_URLS was always disabled by runtests
-  due to a report of it slowing down tests. However, some setups need it
-  to fetch debug symbols, and if it is disabled on those systems then curl
-  tests with valgrind will fail.
+- http: decode transfer encoding first
 
-  Reported-by: Mark Gaiser
+  The unencoding stack is added to as Transfer-Encoding and
+  Content-Encoding fields are encountered with no distinction between the
+  two, meaning the stack will be incorrect if, e.g., the message has both
+  fields and a non-chunked Transfer-Encoding comes first. This commit
+  fixes this by ordering the stack with transfer encodings first.
 
-  Ref: #8805
-  Closes #9950
+  Reviewed-by: Patrick Monnerat
+  Closes #10187
 
-Casey Bodley (25 Nov 2022)
+Daniel Stenberg (1 Jan 2023)
 
-- test/aws_sigv4: test cases for content-sha256
+- curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
 
-  1956 adds the sha256 value corresponding to an empty buffer
-  1957 adds an arbitrary value and confirms that the signature differs from 195
-  6
-  1958 adds whitespace to 1957 and confirms that the signature matches 1957
-  1959 adds a value longer than 'char sha_hex[65]' in Curl_output_aws_sigv4()
+  Follow-up since 223f26c28a340b36
 
-  Signed-off-by: Casey Bodley <cbodley@redhat.com>
+  Deprecated since 7.82.0
 
-  Closes #9804
+  Closes #10189
 
-- aws_sigv4: consult x-%s-content-sha256 for payload hash
+- curl_global_sslset.3: clarify the openssl situation
 
-  `Curl_output_aws_sigv4()` doesn't always have the whole payload in
-  memory to generate a real payload hash. this commit allows the user to
-  pass in a header like `x-amz-content-sha256` to provide their desired
-  payload hash
+  and add rustls
 
-  some services like s3 require this header, and may support other values
-  like s3's `UNSIGNED-PAYLOAD` and `STREAMING-AWS4-HMAC-SHA256-PAYLOAD`
-  with special semantics. servers use this header's value as the payload
-  hash during signature validation, so it must match what the client uses
-  to generate the signature
+  Closes #10188
 
-  CURLOPT_AWS_SIGV4.3 now describes the content-sha256 interaction
+Cameron Blomquist (1 Jan 2023)
 
-  Signed-off-by: Casey Bodley <cbodley@redhat.com>
+- http: add additional condition for including stdint.h
 
-  Closes #9804
+  stdint.h was only included in http.h when ENABLE_QUIC was defined, but
+  symbols from stdint.h are also used when USE_NGHTTP2 is defined. This
+  causes build errors when USE_NGHTTP2 is defined but ENABLE_QUIC is not.
 
-Philip Heiduck (25 Nov 2022)
+  Closes #10185
 
-- GHA: NSS use clang instead of clang-9
+Daniel Stenberg (31 Dec 2022)
 
-  Closes #9978
+- urldata: cease storing TLS auth type
 
-Daniel Stenberg (25 Nov 2022)
+  The only TLS auth type libcurl ever supported is SRP and that is the
+  default type. Since nobody ever sets any other type, there is no point
+  in wasting space to store the set type and code to check the type.
 
-- RELEASE-NOTES: synced
+  If TLS auth is used, SRP is now implied.
 
-- tool_operate: override the numeric locale and set "C" by force
+  Closes #10181
 
-  Makes curl always use dot as decimal separator for options,
-  independently of what the locale says. Makes scripts and command lines
-  portable.
+- vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
 
-  Updated docs accordingly.
+  Previously libcurl would use the HTTP/1.1 ALPN id even when the
+  application specified HTTP/1.0.
 
-  Reported-by: Daniel Faust
+  Reported-by: William Tang
+  Ref: #10183
 
-  Fixes #9969
-  Closes #9972
+Marcel Raad (30 Dec 2022)
 
-- test1662: verify formpost, 301 redirect, no rewind possible
+- lib670: make test.h the first include
 
-  Reproduces #9735 and verifies the subsequent fix. The original issue
-  uses a pipe that cannot be rewound, but this test case instead sets a
-  callback without rewind ability to get roughly the same properties but
-  being a much more portable test.
+  As in all other lib tests. This avoids a macro redefinition warning for
+  `_FILE_OFFSET_BITS` visible in the autobuilds.
 
-- lib: rewind BEFORE request instead of AFTER previous
+  Closes https://github.com/curl/curl/pull/10182
 
-  This makes a big difference for cases when the rewind is not actually
-  necessary to perofm (for example HTTP response code 301 converts to GET)
-  and therefore the rewind can be avoided. In particular for situations
-  when that rewind fails, for example when reading from a pipe or similar.
+Stefan Eissing (30 Dec 2022)
 
-  Reported-by: Ali Utku Selen
+- lib: connect/h2/h3 refactor
 
-  Fixes #9735
-  Closes #9958
+  Refactoring of connection setup and happy eyeballing. Move
+  nghttp2. ngtcp2, quiche and msh3 into connection filters.
 
-- vtls: repair build with disabled proxy
+   - eyeballing cfilter that uses sub-filters for performing parallel connects
+   - socket cfilter for all transport types, including QUIC
+   - QUIC implementations in cfilter, can now participate in eyeballing
+   - connection setup is more dynamic in order to adapt to what filter did
+     really connect.  Relevant to see if a SSL filter needs to be added or
+     if SSL has already been provided
+   - HTTP/3 test cases similar to HTTP/2
+   - multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche
 
-  Closes #9974
+   - Fix for data attach/detach in VTLS filters that could lead to crashes
+     during parallel transfers.
+   - Eliminating setup() methods in cfilters, no longer needed.
+   - Improving Curl_conn_is_alive() to replace Curl_connalive() and
+     integrated ssl alive checks into cfilter.
+   - Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update
+     connection into and persist it at the easy handle.
 
-Daniel Gustafsson (23 Nov 2022)
+   - Several more cfilter related cleanups and moves:
+     - stream_weigth and dependency info is now wrapped in struct
+       Curl_data_priority
+     - Curl_data_priority members depend is available in HTTP2|HTTP3
+     - Curl_data_priority members depend on NGHTTP2 support
+     - handling init/reset/cleanup of priority part of url.c
+     - data->state.priority same struct, but shallow copy for compares only
 
-- packaging: remove traces of deleted files
+   - PROTOPT_STREAM has been removed
+     - Curl_conn_is_mulitplex() now available to check on capability
 
-  Commit a8861b6cc removed packages/DOS but left a few traces of it
-  which broke the distcheck CI. Remove all traces.
+   - Adding query method to connection filters.
+     - ngtcp2+quiche: implementing query for max concurrent transfers.
 
-  Closes: #9971
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+   - Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event.
+     - setting keepalive timestamp on connect
+     - DATA_SETUP is called after the connection has been completely
+       setup (but may not connected yet) to allow filters to initialize
+       data members they use.
 
-- openssl: silence compiler warning when not using IPv6
+   - there is no socket to be had with msh3, it is unclear how select
+     shall work
 
-  In non-IPv6 builds the conn parameter is unused, and compilers which
-  run with "-Werror=unused-parameter" (or similar) warnings turned on
-  fails to build. Below is an excerpt from a CI job:
+   - manual test via "curl --http3 https://curl.se" fail with "empty
+     reply from server".
 
-    vtls/openssl.c: In function ‘Curl_ossl_verifyhost’:
-    vtls/openssl.c:2016:75: error: unused parameter ‘conn’ [-Werror=unused-
-  parameter]
-     2016 | CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connec
-  tdata *conn,
-          |                                                       ~~~~~~~~~~~~~
-  ~~~~~~~^~~~
+   - Various socket/conn related cleanups:
+     - Curl_socket is now Curl_socket_open and in cf-socket.c
+     - Curl_closesocket is now Curl_socket_close and in cf-socket.c
+     - Curl_ssl_use has been replaced with Cur_conn_is_ssl
+     - Curl_conn_tcp_accepted_set has been split into
+       Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set
+       with a clearer purpose
 
-  Closes: #9970
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #10141
 
-- netware: remove leftover traces
+Daniel Stenberg (30 Dec 2022)
 
-  Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
-  building on Novell Netware, but a few leftover traces remained. This
-  removes the last bits.
+- RELEASE-NOTES: synced
 
-  Closes: #9966
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+- docs/libcurl/curl_getdate.3: minor whitespace edit
 
-Ryan Schmidt (23 Nov 2022)
+  To avoid a fccp quirk that made it render wrongly on the website
 
-- curl_endian: remove Curl_write64_le from header
+- transfer: break the read loop when RECV is cleared
 
-  The actual function was already removed in 4331c6dc.
+  When the RECV bit is cleared because the response reading for this
+  transfer is complete, the read loop should be stopped. data_pending()
+  can otherwise still return TRUE and another read would be attempted.
 
-  See #7280
-  Closes #9968
+  Reported-by: Hide Ishikawa
+  Fixes #10172
+  Closes #10174
 
-Daniel Stenberg (22 Nov 2022)
+- multihandle: turn bool struct fields into bits
 
-- docs: add more "SEE ALSO" links to CA related pages
+  Closes #10179
 
-  Closes #9959
+Stefan Eissing (30 Dec 2022)
 
-- examples: update descriptions
+- ftpserver: lower the normal DATA connect timeout to speed up torture tests
 
-  Make them not say "this is an example showing..." and instead just say
-  what the example shows.
+  - tests/ftpserver.pl blocks when expecting a DATA connection from the
+    client.
 
-  Closes #9960
+  - the previous 10 seconds were encountered repeatedly in torture tests
+    and let to long waits.
 
-Stefan Eissing (22 Nov 2022)
+  - 2 seconds should still be sufficient for current hw, but CI will show.
 
-- vtls: localization of state data in filters
+  Closes #10178
 
-   - almost all backend calls pass the Curl_cfilter intance instead of
-     connectdata+sockindex
-   - ssl_connect_data is remove from struct connectdata and made internal
-     to vtls
-   - ssl_connect_data is allocated in the added filter, kept at cf->ctx
+Nick Banks (28 Dec 2022)
 
-   - added function to let a ssl filter access its ssl_primary_config and
-     ssl_config_data this selects the propert subfields in conn and data,
-     for filters added as plain or proxy
-   - adjusted all backends to use the changed api
-   - adjusted all backends to access config data via the exposed
-     functions, no longer using conn or data directly
+- msh3: add support for request payload
 
-  cfilter renames for clear purpose:
+  Closes #10136
 
-   - methods `Curl_conn_*(data, conn, sockindex)` work on the complete
-     filter chain at `sockindex` and connection `conn`.
-   - methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
-     instance.
-   - methods `Curl_conn_cf()` work on/with filter instances at a
-     connection.
-   - rebased and resolved some naming conflicts
-   - hostname validation (und session lookup) on SECONDARY use the same
-     name as on FIRST (again).
+Stefan Eissing (28 Dec 2022)
 
-  new debug macros and removing connectdata from function signatures where not
-  needed.
+- openssl: remove attached easy handles from SSL instances
 
-  adapting schannel for new Curl_read_plain paramter.
+   - keeping the "current" easy handle registered at SSL* is no longer
+     necessary, since the "calling" data object is already stored in the
+     cfilter's context (and used by other SSL backends from there).
+   - The "detach" of an easy handle that goes out of scope is then avoided.
+   - using SSL_set0_wbio for clear reference counting where available.
 
-  Closes #9919
+  Closes #10151
 
-Daniel Stenberg (22 Nov 2022)
+Daniel Stenberg (28 Dec 2022)
 
-- examples/10-at-a-time: fix possible skipped final transfers
+- socketpair: allow localhost MITM sniffers
 
-  Prior to this change if curl_multi_perform returned 0 running handles
-  and then all remaining transfers were added, then the perform loop would
-  end immediately without performing those transfers.
+  Windows allow programs to MITM connections to localhost. The previous
+  check here would detect that and error out. This new method writes data
+  to verify the pipe thus allowing MITM.
 
-  Reported-by: Mikhail Kuznetsov
+  Reported-by: SerusDev on github
+  Fixes #10144
+  Closes #10169
 
-  Fixes https://github.com/curl/curl/issues/9953
-  Closes https://github.com/curl/curl/pull/9954
+- HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
 
-Viktor Szakats (22 Nov 2022)
+  Closes #10168
 
-- Makefile.mk: portable Makefile.m32
+Andy Alt (28 Dec 2022)
 
-  Update bare GNU Make `Makefile.m32` to:
+- MANUAL.md: add pipe to apt-key example
 
-  - Move objects into a subdirectory.
-  - Add support for MS-DOS. Tested with DJGPP.
-  - Add support for Watt-32 (on MS-DOS).
-  - Add support for AmigaOS.
-  - Rename `Makefile.m32` to `Makefile.mk`
-  - Replace `ARCH` with `TRIPLET`.
-  - Build `tool_hugehelp.c` proper (when tools are available).
-  - Drop MS-DOS compatibility macro `USE_ZLIB` (replaced by `HAVE_LIBZ`)
-  - Add support for `ZLIB_LIBS` to override `-lz`.
-  - Omit object files when building examples.
-  - Default `CC` to `gcc` once again, for convenience. (Caveat: compiler
-    name `cc` cannot be set now.)
-  - Set `-DCURL_NO_OLDIES` for examples, like autotools does.
-  - Delete `makefile.dj` files. Notice the configuration details and
-    defaults are not retained with the new method.
-  - Delete `makefile.amiga` files. A successful build needs a few custom
-    options. We're also not retaining all build details from the existing
-    Amiga make files.
-  - Rename `Makefile.m32` to `Makefile.mk` to reflect that they are not
-    Windows/MinGW32-specific anymore.
-  - Add support for new `CFG` options: `-map`, `-debug`, `-trackmem`
-  - Set `-DNDEBUG` by default.
-  - Allow using `-DOS=...` in all `lib/config-*.h` headers, syncing this
-    with `config-win32.h`.
-  - Look for zlib parts in `ZLIB_PATH/include` and `ZLIB_PATH/lib`
-    instead of bare `ZLIB_PATH`.
+  Closes #10170
 
-  Note that existing build configurations for MS-DOS and AmigaOS likely
-  become incompatible with this change.
+Daniel Stenberg (27 Dec 2022)
 
-  Example AmigaOS configuration:
-  ```
-  export CROSSPREFIX=/opt/amiga/bin/m68k-amigaos-
-  export CC=gcc
-  export CPPFLAGS='-DHAVE_PROTO_BSDSOCKET_H'
-  export CFLAGS='-mcrt=clib2'
-  export LDFLAGS="${CFLAGS}"
-  export LIBS='-lnet -lm'
-  make -C lib -f Makefile.mk
-  make -C src -f Makefile.mk
-  ```
+- test417: verify %{certs} output
 
-  Example MS-DOS configuration:
-  ```
-  export CROSSPREFIX=/opt/djgpp/bin/i586-pc-msdosdjgpp-
-  export WATT_PATH=/opt/djgpp/net/watt
-  export ZLIB_PATH=/opt/djgpp
-  export OPENSSL_PATH=/opt/djgpp
-  export OPENSSL_LIBS='-lssl -lcrypt'
-  export CFG=-zlib-ssl
-  make -C lib -f Makefile.mk
-  make -C src -f Makefile.mk
-  ```
+- runtests: make 'mbedtls' a testable feature
 
-  Closes #9764
+  Also add to FILEFORMAT.md
 
-Stefan Eissing (22 Nov 2022)
+- writeout: add %{certs} and %{num_certs}
 
-- cfiler: filter types have flags indicating what they do
+  Let users get the server certificate chain using the command line
 
-  - Adding Curl_conn_is_ip_connected() to check if network connectivity
-    has been reached
+  Closes #10019
 
-  - having ftp wait for network connectivity before proceeding with
-    transfers.
+Stefan Eissing (27 Dec 2022)
 
-  Fixes test failures 1631 and 1632 with hyper.
+- haxproxy: send before TLS handhshake
 
-  Closes #9952
+  - reverse order of haproxy and final ssl cfilter
 
-Daniel Stenberg (21 Nov 2022)
+  - make haproxy avaiable on PROXY builds, independent of HTTP support as
+    it can be used with any protocol.
 
-- RELEASE-NOTES: synced
+  Reported-by: Sergio-IME on github
+  Fixes #10165
+  Closes #10167
 
-Jay Satiro (20 Nov 2022)
+Daniel Stenberg (27 Dec 2022)
 
-- sendf: change Curl_read_plain to wrap Curl_recv_plain (take 2)
+- RELEASE-NOTES: synced
 
-  Prior to this change Curl_read_plain would attempt to read the
-  socket directly. On Windows that's a problem because recv data may be
-  cached by libcurl and that data is only drained using Curl_recv_plain.
+- test446: verify hsts with two URLs
 
-  Rather than rewrite Curl_read_plain to handle cached recv data, I
-  changed it to wrap Curl_recv_plain, in much the same way that
-  Curl_write_plain already wraps Curl_send_plain.
+- runtests: support crlf="yes" for verify/proxy
 
-  Curl_read_plain -> Curl_recv_plain
-  Curl_write_plain -> Curl_send_plain
+- hsts: handle adding the same host name again
 
-  This fixes a bug in the schannel backend where decryption of arbitrary
-  TLS records fails because cached recv data is never drained. We send
-  data (TLS records formed by Schannel) using Curl_write_plain, which
-  calls Curl_send_plain, and that may do a recv-before-send
-  ("pre-receive") to cache received data. The code calls Curl_read_plain
-  to read data (TLS records from the server), which prior to this change
-  did not call Curl_recv_plain and therefore cached recv data wasn't
-  retrieved, resulting in malformed TLS records and decryption failure
-  (SEC_E_DECRYPT_FAILURE).
+  It will then use the largest expire time of the two entries.
 
-  The bug has only been observed during Schannel TLS 1.3 handshakes. Refer
-  to the issue and PR for more information.
+- tool_operate: share HSTS between handles
 
-  --
+- share: add sharing of HSTS cache among handles
 
-  This is take 2 of the original fix. It preserves the original behavior
-  of Curl_read_plain to write 0 to the bytes read parameter on error,
-  since apparently some callers expect that (SOCKS tests were hanging).
-  The original fix which landed in 12e1def5 and was later reverted in
-  18383fbf failed to work properly because it did not do that.
+  Closes #10138
 
-  Also, it changes Curl_write_plain the same way to complement
-  Curl_read_plain, and it changes Curl_send_plain to return -1 instead of
-  0 on CURLE_AGAIN to complement Curl_recv_plain.
+Viktor Szakats (27 Dec 2022)
 
-  Behavior on error with these changes:
+- Makefile.mk: fix wolfssl and mbedtls default paths
 
-  Curl_recv_plain returns -1 and *code receives error code.
-  Curl_send_plain returns -1 and *code receives error code.
-  Curl_read_plain returns error code and *n (bytes read) receives 0.
-  Curl_write_plain returns error code and *written receives 0.
+  Fix the defaults for `WOLFSSL_PATH` and `MBEDTLS_PATH` to have
+  meaningful values instead of the copy-pasted wrong ones.
 
-  --
+  Ref: https://github.com/curl/curl/commit/66e68ca47f7fd00dff2cb7c45ba6725d4009
+  9585#r94275172
 
-  Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361
+  Reported-by: Ryan Schmidt
+  Closes #10164
 
-  Assisted-by: Joel Depooter
-  Reported-by: Egor Pugin
+Daniel Stenberg (27 Dec 2022)
 
-  Fixes https://github.com/curl/curl/issues/9431
-  Closes https://github.com/curl/curl/pull/9949
+- INTERNALS: cleanup
 
-Sean McArthur (19 Nov 2022)
+  - remove "operating systems" (mostly outdated)
 
-- hyper: classify headers as CONNECT and 1XX
+  - upodate the "build tools"
 
-  Closes #9947
+  Closes #10162
 
-Stefan Eissing (19 Nov 2022)
+- cmake: bump requirement to 3.7
 
-- ftp: fix "AUTH TLS" on primary conn and for SSL in PASV second conn
+  Because this is the cmake version (released in November 2016) that
+  introduced GREATER_EQUAL, which is used already.
 
-  Follow-up to dafdb20a26d0c89
+  Reported-by: nick-telia on github
+  Fixes #10128
+  Closes #10161
 
-  Reported-by: Anthony Hu
-  Closes #9948
+- cfilters:Curl_conn_get_select_socks: use the first non-connected filter
 
-Jay Satiro (19 Nov 2022)
+  When there are filters addded for both socket and SSL, the code
+  previously checked the SSL sockets during connect when it *should* first
+  check the socket layer until that has connected.
 
-- CURLOPT_POST.3: Explain setting to 0 changes request type
+  Fixes #10157
+  Fixes #10146
+  Closes #10160
 
-  Bug: https://github.com/curl/curl/issues/9849
-  Reported-by:  MonkeybreadSoftware@users.noreply.github.com
+  Reviewed-by: Stefan Eissing
 
-  Closes https://github.com/curl/curl/pull/9942
+- urlapi: add CURLU_PUNYCODE
 
-Daniel Stenberg (19 Nov 2022)
+  Allows curl_url_get() get the punycode version of host names for the
+  host name and URL parts.
 
-- docs/INSTALL.md: expand on static builds
+  Extend test 1560 to verify.
 
-  Remove from KNOWN_BUGS
+  Closes #10109
 
-  Closes #9944
+- RELEASE-NOTES: synced
 
-Stefan Eissing (19 Nov 2022)
+- libssh2: try sha2 algos for hostkey methods
 
-- http: restore h3 to working condition after connection filter introduction
+  As is supported by recent libssh2, but should just be ignored by older
+  versions.
 
-  Follow-up to dafdb20a26d0c
+  Reported-by: norbertmm on github
+  Assisted-by: norbertmm on github
+  Fixes #10143
+  Closes #10145
 
-  HTTP/3 needs a special filter chain, since it does the TLS handling
-  itself. This PR adds special setup handling in the HTTP protocol handler
-  that takes are of it.
+Patrick Monnerat (26 Dec 2022)
 
-  When a handler, in its setup method, installs filters, the default
-  behaviour for managing the filter chain is overridden.
+- typecheck: accept expressions for option/info parameters
 
-  Reported-by: Karthikdasari0423 on github
+  As expressions can have side effects, evaluate only once.
 
-  Fixes #9931
-  Closes #9945
+  To enable deprecation reporting only once, get rid of the __typeof__
+  use to define the local temporary variable and use the target type
+  (CURLoption/CURLINFO). This also avoids multiple reports on type
+  conflicts (if some) by the curlcheck_* macros.
 
-Daniel Stenberg (18 Nov 2022)
+  Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
+  their values: a curl_easy_setopt call with an integer constant as option
+  will never report a deprecation.
 
-- urldata: change port num storage to int and unsigned short
+  Reported-by: Thomas Klausner
+  Fixes #10148
+  Closes #10149
 
-  Instead of long.
+Paul Howarth (26 Dec 2022)
 
-  Closes #9946
+- tests: avoid use of sha1 in certificates
 
-- Revert "sendf: change Curl_read_plain to wrap Curl_recv_plain"
+  The SHA-1 algorithm is deprecated (particularly for security-sensitive
+  applications) in a variety of OS environments. This already affects
+  RHEL-9 and derivatives, which are not willing to use certificates using
+  that algorithm. The fix is to use sha256 instead, which is already used
+  for most of the other certificates in the test suite.
 
-  This reverts commit 12e1def51a75392df62e65490416007d7e68dab9.
+  Fixes #10135
 
-  It introduced SOCKS proxy fails, like test 700 never ending.
+  This gets rid of issues related to sha1 signatures.
 
-  Reopens #9431
+  Manual steps after "make clean-certs" and "make build-certs":
 
-- HTTP-COOKIES.md: update the 6265bis link to draft-11
+  - Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
+    (make clean-certs does not remove the original tests/stunnel.pem)
 
-  Closes #9940
+  - Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
+    options of tests/data/test2041 and tests/data/test2087
 
-- docs/WEBSOCKET.md: explain the URL use
+  Closes #10153
 
-  Fixes #9936
-  Closes #9941
+Yurii Rashkovskii (26 Dec 2022)
 
-Jay Satiro (18 Nov 2022)
+- cmake: fix the snprintf detection
 
-- sendf: change Curl_read_plain to wrap Curl_recv_plain
+  I haven't had the time to check other configurations, but on my macOS
+  Ventura 13.1 with XCode 14.2 cmake does not find `snprintf`.
 
-  Prior to this change Curl_read_plain would attempt to read the
-  socket directly. On Windows that's a problem because recv data may be
-  cached by libcurl and that data is only drained using Curl_recv_plain.
+  Solution: ensure stdio.h is checked for definitions
 
-  Rather than rewrite Curl_read_plain to handle cached recv data, I
-  changed it to wrap Curl_recv_plain, in much the same way that
-  Curl_write_plain already wraps Curl_send_plain.
+  Closes #10155
 
-  Curl_read_plain -> Curl_recv_plain
-  Curl_write_plain -> Curl_send_plain
+Radu Hociung (26 Dec 2022)
 
-  This fixes a bug in the schannel backend where decryption of arbitrary
-  TLS records fails because cached recv data is never drained. We send
-  data (TLS records formed by Schannel) using Curl_write_plain, which
-  calls Curl_send_plain, and that may do a recv-before-send
-  ("pre-receive") to cache received data. The code calls Curl_read_plain
-  to read data (TLS records from the server), which prior to this change
-  did not call Curl_recv_plain and therefore cached recv data wasn't
-  retrieved, resulting in malformed TLS records and decryption failure
-  (SEC_E_DECRYPT_FAILURE).
+- http: remove the trace message "Mark bundle... multiuse"
 
-  The bug has only been observed during Schannel TLS 1.3 handshakes. Refer
-  to the issue and PR for more information.
+  The message "Mark bundle as not supporting multiuse" was added at commit
+  29364d93 when an http/2-related bug was fixed, and it appears to be a
+  leftover trace message.
 
-  Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361
+  This message should be removed because:
+   * it conveys no information to the user
+   * it is enabled in the default build (--enable-verbose)
+   * it reads like a warning/unexpected condition
+   * it is equivalent to "Detected http proto < 2", which is
+     not a useful message.
+   * it is a time-wasting red-herring for anyone who encounters
+     it for the first time while investigating some other, real
+     problem.
 
-  Assisted-by: Joel Depooter
-  Reported-by: Egor Pugin
+  This commit removes the trace message "Mark bundle as not
+  supporting multiuse"
 
-  Fixes https://github.com/curl/curl/issues/9431
-  Closes https://github.com/curl/curl/pull/9904
+  Closes #10159
 
-- test3026: reduce runtime in legacy mingw builds
+Hannah Schierling (26 Dec 2022)
 
-  - Load Windows system libraries secur32 and iphlpapi beforehand, so
-    that libcurl's repeated global init/cleanup only increases/decreases
-    the library's refcount rather than causing it to load/unload.
+- url: fix build with `--disable-cookies`
 
-  Assisted-by: Marc Hoersken
+  Struct `UserDefined` has no member `cookielist` if
+  `CURL_DISABLE_COOKIES` is defined.
 
-  Closes https://github.com/curl/curl/pull/9412
+  Follow-up to af5999a
 
-Daniel Stenberg (18 Nov 2022)
+  Closes #10158
 
-- url: move back the IDN conversion of proxy names
+Stefan Eissing (23 Dec 2022)
 
-  Regression: in commit 53bcf55 we moved the IDN conversion calls to
-  happen before the HSTS checks. But the HSTS checks are only done on the
-  server host name, not the proxy names. By moving the proxy name IDN
-  conversions, we accidentally broke the verbose output showing the proxy
-  name.
+- runtests: also tear down http2/http3 servers when https server is stopped
 
-  This change moves back the IDN conversions for the proxy names to the
-  place in the code path they were before 53bcf55.
+  Closes #10114
 
-  Reported-by: Andy Stamp
-  Fixes #9937
-  Closes #9939
+- tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
 
-Alexandre Ferrieux (18 Nov 2022)
+  - a simple https get
+  - a simple https post
+  - a multi get of 4 requests and check that same connection was used
 
-- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
+  Closes #10114
 
-  Fixes #2975
-  Closes #9147
+Daniel Stenberg (23 Dec 2022)
 
-Daniel Stenberg (17 Nov 2022)
+- urldata: remove unused struct fields, made more conditional
 
-- HTTP-COOKIES.md: mention that http://localhost is a secure context
+  - source_quote, source_prequote and source_postquote have not been used since
+    5e0d9aea3; September 2006
 
-  Reported-by: Trail of Bits
+  - make several fields conditional on proxy support
 
-  Closes #9938
+  - make three quote struct fields conditional on FTP || SSH
 
-- lib: parse numbers with fixed known base 10
+  - make 'mime_options' depend on MIME
 
-  ... instead of using 0 argument that allows decimal, hex or octal when
-  the number is documented and assumed to use base 10.
+  - make trailer_* fields depend on HTTP
 
-  Closes #9933
+  - change 'gssapi_delegation' from long to unsigned char
 
-- RELEASE-NOTES: synced
+  - make 'localportrange' unsigned short instead of int
 
-- scripts/delta: adapt to curl.h changes for the opt counter
+  - conn->trailer now depends on HTTP
 
-- cookie: expire cookies at once when max-age is negative
+  Closes #10147
 
-  Update test 329 to verify
+- urldata: make set.http200aliases conditional on HTTP being present
 
-  Reported-by: godmar on github
-  Fixes #9930
-  Closes #9932
+  And make a few SSH-only fields depend on SSH
 
-Stefan Eissing (17 Nov 2022)
+  Closes #10140
 
-- proxy: haproxy filter is only available when PROXY and HTTP are
+- md4: fix build with GnuTLS + OpenSSL v1
 
-  Closes #9935
+  Reported-by: Esdras de Morais da Silva
 
-Daniel Stenberg (16 Nov 2022)
+  Fixes #10110
+  Closes #10142
 
-- OtherTests.cmake: check for cross-compile, not for toolchain
+- urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
 
-  Build systems like vcpkg alway sets `CMAKE_TOOLCHAIN_FILE` so it should
-  not be used as a sign that this is a cross-compile.
+  Closes #10139
 
-  Also indented the function correctly.
+John Bampton (22 Dec 2022)
 
-  Reported-by: Philip Chan
-  Fixes #9921
-  Closes #9923
+- misc: fix grammar and spelling
 
-- ntlm: improve comment for encrypt_des
+  Closes #10137
 
-  Reported-by: Andrei Rybak
-  Fixes #9903
-  Closes #9925
+Daniel Stenberg (22 Dec 2022)
 
-- include/curl/curl.h: bump the deprecated requirements to gcc 5.3
+- urldata: move the cookefilelist to the 'set' struct
 
-  Reported-by: Stephan Guilloux
-  Fixes #9917
-  Closes #9918
+  The cookiefile entries are set into the handle and should remain set for
+  the lifetime of the handle so that duplicating it also duplicates the
+  list. Therefore, the struct field is moved from 'state' to 'set'.
 
-Stefan Eissing (15 Nov 2022)
+  Fixes #10133
+  Closes #10134
 
-- proxy: refactor haproxy protocol handling as connection filter
+- strdup: name it Curl_strdup
 
-  Closes #9893
+  It does not belong in the curlx_ name space as it is never used
+  externally.
 
-Patrick Monnerat (15 Nov 2022)
+  Closes #10132
 
-- lib: feature deprecation warnings in gcc >= 4.3
+Nick Banks (22 Dec 2022)
 
-  Add a deprecated attribute to functions and enum values that should not
-  be used anymore.
-  This uses a gcc 4.3 dialect, thus is only available for this version of
-  gcc and newer. Note that the _Pragma() keyword is introduced by C99, but
-  is available as part of the gcc dialect even when compiling in C89 mode.
-
-  It is still possible to disable deprecation at a calling module compile
-  time by defining CURL_DISABLE_DEPRECATION.
+- msh3: update to v0.5 Release
 
-  Gcc type checking macros are made aware of possible deprecations.
+  Closes #10125
 
-  Some testing support Perl programs are adapted to the extended
-  declaration syntax.
+Andy Alt (22 Dec 2022)
 
-  Several test and unit test C programs intentionally use deprecated
-  functions/options and are annotated to not generate a warning.
+- workflows/linux.yml: merge 3 common packages
 
-  New test 1222 checks the deprecation status in doc and header files.
+  Closes #10071
 
-  Closes #9667
+Daniel Stenberg (21 Dec 2022)
 
-Daniel Stenberg (15 Nov 2022)
+- docs: mention indirect effects of --insecure
 
-- log2changes.pl: wrap long lines at 80 columns
+  Warn users that disabling certficate verification allows servers to
+  "pollute" curl with data it trusts.
 
-  Also, only use author names in the output.
+  Reported-by: Harry Sintonen
+  Closes #10126
 
-  Fixes #9896
-  Reported-by: John Sherrill
-  Closes #9897
+- SECURITY-PROCESS.md: document severity levels
 
-- cfilters: use %zu for outputting size_t
+  Closes #10118
 
-  Detected by Coverity CID 1516894
+- RELEASE_NOTES: synced
 
-  Closes #9907
+  bumped version for new cycle
 
-- Curl_closesocket: avoid using 'conn' if NULL
+Marcel Raad (21 Dec 2022)
 
-  ... in debug-only code.
+- tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
 
-  Reported by Coverity CID 1516896
+  `CURLOPT_SOCKS5_GSSAPI_NEC` is a long, while `socks5_gssapi_nec` was
+  made a bool in commit 4ac64eadf60.
 
-  Closes #9907
+  Closes https://github.com/curl/curl/pull/10124
 
-- url: only acknowledge fresh_reuse for non-followed transfers
+Version 7.87.0 (21 Dec 2022)
 
-  ... to make sure NTLM auth sticks to the connection it needs, as
-  verified by 2032.
+Daniel Stenberg (21 Dec 2022)
 
-  Follow-up to fa0b9227616e
+- RELEASE-NOTES: synced
 
-  Assisted-by: Stefan Eissing
-  Closes #9905
+  The curl 7.87.0 release
 
-- netrc.d: provide mutext info
+- THANKS: 40 new contributors from 7.87.0
 
-  Reported-by: xianghongai on github
-  Fixes #9899
-  Closes #9901
+- http: fix the ::1 comparison for IPv6 localhost for cookies
 
-- cmdline-opts/page-footer: remove long option nroff formatting
+  When checking if there is a "secure context", which it is if the
+  connection is to localhost even if the protocol is HTTP, the comparison
+  for ::1 was done incorrectly and included brackets.
 
-  As gen.pl adds them
+  Reported-by: BratSinot on github
 
-- nroff-scan.pl: detect double highlights
+  Fixes #10120
+  Closes #10121
 
-- cmdline-opts/gen.pl: fix the linkifier
+Philip Heiduck (19 Dec 2022)
 
-  Improved logic for finding existing --options in text and replacing with
-  the full version with nroff syntax. This also makes the web version link
-  options better.
+- CI/spell: actions/checkout@v2 > actions/checkout@v3
 
-  Reported-by: xianghongai on github
-  Fixes #9899
-  Closes #9902
+Daniel Stenberg (19 Dec 2022)
 
-Patrick Monnerat (14 Nov 2022)
+- smb/telnet: do not free the protocol struct in *_done()
 
-- tool: use feature names instead of bit mask, when possible
+  It is managed by the generic layer.
 
-  If the run-time libcurl is too old to support feature names, the name
-  array is created locally from the bit masks. This is the only sequence
-  left that uses feature bit masks.
+  Reported-by: Trail of Bits
 
-  Closes #9583
+  Closes #10112
 
-- docs: curl_version_info is not thread-safe before libcurl initialization
+- http: use the IDN decoded name in HSTS checks
 
-  Closes #9583
+  Otherwise it stores the info HSTS into the persistent cache for the IDN
+  name which will not match when the HSTS status is later checked for
+  using the decoded name.
 
-- version: add a feature names array to curl_version_info_data
+  Reported-by: Hiroki Kurosawa
 
-  Field feature_names contains a null-terminated sorted array of feature
-  names. Bitmask field features is deprecated.
+  Closes #10111
 
-  Documentation is updated. Test 1177 and tests/version-scan.pl updated to
-  match new documentation format and extended to check feature names too.
+- CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
 
-  Closes #9583
+  Closes #10106
 
-Stefan Eissing (14 Nov 2022)
+Xì Gà (16 Dec 2022)
 
-- negtelnetserver.py: have it call its close() method
+- socks: fix username max size is 255 (0xFF)
 
-  Closes #9894
+  Closes #10105
 
-Nathan Moinvaziri (13 Nov 2022)
+  Reviewed-by: Daniel Gustafsson
 
-- ntlm: silence ubsan warning about copying from null target_info pointer.
+Daniel Stenberg (16 Dec 2022)
 
-  runtime error: null pointer passed as argument 2, which is declared to
-  never be null
+- limit-rate.d: see also --rate
 
-  Closes #9898
+- lib1560: add some basic IDN host name tests
 
-Daniel Stenberg (12 Nov 2022)
+  Closes #10094
 
-- RELEASE-NOTES: synced
+- idn: rename the files to idn.[ch] and hold all IDN functions
 
-Stefan Eissing (12 Nov 2022)
+  Closes #10094
 
-- Websocket: fixes for partial frames and buffer updates.
+- idn: remove Curl_win32_ascii_to_idn
 
-  - buffers updated correctly when handling partial frames
-  - callbacks no longer invoked for incomplete payload data of 0 length
-  - curl_ws_recv no longer returns with 0 length partial payload
+  It was not used. Introduce a new IDN header for the prototype(s).
 
-  Closes #9890
+  Closes #10094
 
-Daniel Stenberg (12 Nov 2022)
+- RELEASE-NOTES: synced
 
-- tool_operate: provide better errmsg for -G with bad URL
+- curl_url_get.3: remove spurious backtick
 
-  If the URL that -G would try to add a query to could not be parsed, it would
-  display
+  Put there by mistake.
 
-   curl: (27) Out of memory
+  Follow-up from 9a8564a92
 
-  It now instead shows:
+  Closes #10101
 
-   curl: (2) Could not parse the URL, failed to set query
+- socks: fix infof() flag for outputing a char
 
-  Reported-by: Alex Xu
-  Fixes #9889
-  Closes #9892
+  It used to be a 'long', %lu is no longer correct.
 
-- vtls: fix build without proxy support
+  Follow-up to 57d2d9b6bed33d
+  Detected by Coverity CID 1517663
 
-  Follow-up to dafdb20a26d0c890
+  Closes #10100
 
-  Closes #9895
+- ssl-reqd.d: clarify that this is for upgrading connections only
 
-- tool_getparam: make --no-get work as the opposite of --get
+  Closes #10093
 
-  ... as documented.
+- curl_url_set.3: document CURLU_DISALLOW_USER
 
-  Closes #9891
+  Closes #10099
 
-- http: mark it 'this_is_a_follow' in the Location: logic
+- cmake: set the soname on the shared library
 
-  To make regular auth "reloads" to not count as redirects.
+  Set SONAME and VERSION for platforms we think this works on. Remove
+  issue from KNOWN_BUGS.
 
-  Verified by test 3101
+  Assisted-by: Jakub Zakrzewski
 
-  Fixes #9885
-  Closes #9887
+  Closes #10023
 
-Viktor Szakats (11 Nov 2022)
+- tool_paramhlp: free the proto strings on exit
 
-- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
+  And also make sure that repeated use of the options free the previous
+  string before it stores a new.
 
-  The previously set default value of 8 (64-bit) is only correct for
-  mingw-w64 and only when we set `_FILE_OFFSET_BITS` to 64 (the default
-  when building curl). For MSVC, old MinGW and other Windows compilers,
-  the correct value is 4 (32-bit). Adjust condition accordingly. Also
-  drop the manual override option.
+  Follow-up from e6f8445edef8e7996d
 
-  Regression in 7.86.0 (from 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6)
+  Closes #10098
 
-  Bug: https://github.com/curl/curl/pull/9712#issuecomment-1307330551
+- tool_cfgable: free the ssl_ec_curves on exit
 
-  Reported-by: Peter Piekarski
-  Reviewed-by: Jay Satiro
+  Follow-up to ede125b7b
 
-  Closes #9872
+  Closes #10097
 
-Daniel Stenberg (11 Nov 2022)
+- urlapi: reject more bad letters from the host name: &+()
 
-- lib: remove bad set.opt_no_body assignments
+  Follow-up from eb0167ff7d31d3a5
 
-  This struct field MUST remain what the application set it to, so that
-  handle reuse and handle duplication work.
+  Extend test 1560 to verify
 
-  Instead, the request state bit 'no_body' is introduced for code flows
-  that need to change this in run-time.
+  Closes #10096
 
-  Closes #9888
+- altsvc: fix rejection of negative port numbers
 
-Stefan Eissing (11 Nov 2022)
+  Follow-up to ac612dfeee95
 
-- lib: connection filters (cfilter) addition to curl:
+  strtoul() accepts a leading minus so better make sure there is none
 
-   - general construct/destroy in connectdata
-   - default implementations of callback functions
-   - connect: cfilters for connect and accept
-   - socks: cfilter for socks proxying
-   - http_proxy: cfilter for http proxy tunneling
-   - vtls: cfilters for primary and proxy ssl
-   - change in general handling of data/conn
-   - Curl_cfilter_setup() sets up filter chain based on data settings,
-     if none are installed by the protocol handler setup
-   - Curl_cfilter_connect() boot straps filters into `connected` status,
-     used by handlers and multi to reach further stages
-   - Curl_cfilter_is_connected() to check if a conn is connected,
-     e.g. all filters have done their work
-   - Curl_cfilter_get_select_socks() gets the sockets and READ/WRITE
-     indicators for multi select to work
-   - Curl_cfilter_data_pending() asks filters if the have incoming
-     data pending for recv
-   - Curl_cfilter_recv()/Curl_cfilter_send are the general callbacks
-     installed in conn->recv/conn->send for io handling
-   - Curl_cfilter_attach_data()/Curl_cfilter_detach_data() inform filters
-     and addition/removal of a `data` from their connection
-   - adding vtl functions to prevent use of Curl_ssl globals directly
-     in other parts of the code.
+  Extended test 356 somewhat to use a huge negative 64 bit number that
+  otherwise becomes a low positive number.
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9855
+  Closes #10095
 
-- curl-rustls.m4: on macOS, rustls also needs the Security framework
+- lib: use size_t or int etc instead of longs
 
-  Closes #9883
+  Since long is not using a consistent data size in curl builds, making it
+  often "waste" 32 bits.
 
-Daniel Stenberg (10 Nov 2022)
+  Closes #10088
 
-- rtsp: only store first_host once
+- azure: use "unversioned" clang and clang-tools for scanbuild job
 
-  Suggested-by: Erik Janssen
-  URL: https://github.com/curl/curl/pull/9870#issuecomment-1309499744
-  Closes #9882
+  To make it less fragile
 
-Fata Nugraha (10 Nov 2022)
+  Closes #10092
 
-- test3028: verify PROXY
+Daniel Gustafsson (14 Dec 2022)
 
-- http: do not send PROXY more than once
+- x509asn1: avoid freeing unallocated pointers
 
-  Unlike `CONNECT`, currently we don't keep track whether `PROXY` is
-  already sent or not. This causes `PROXY` header to be sent twice during
-  `MSTATE_TUNNELING` and `MSTATE_PROTOCONNECT`.
-
-  Closes #9878
-  Fixes #9442
-
-Jay Satiro (10 Nov 2022)
+  When utf8asn1str fails there is no allocation returned, so freeing
+  the return pointer in **to is at best a no-op and at worst a double-
+  free bug waiting to happen. The current coding isn't hiding any such
+  bugs but to future proof, avoid freeing the return value pointer iff
+  the function failed.
 
-- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
+  Closes: #10087
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  Prior to this change if the user wanted to signal an error from their
-  write callbacks they would have to use logic to return a value different
-  from the number of bytes (nmemb) passed to the callback. Also, the
-  inclination of some users has been to just return 0 to signal error,
-  which is incorrect as that may be the number of bytes passed to the
-  callback.
+Emil Engler (13 Dec 2022)
 
-  To remedy this the user can now return CURL_WRITEFUNC_ERROR instead.
+- curl_url_set.3: fix typo
 
-  Ref: https://github.com/curl/curl/issues/9873
+  Closes: #10089
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-  Closes https://github.com/curl/curl/pull/9874
+Daniel Stenberg (13 Dec 2022)
 
-Daniel Stenberg (9 Nov 2022)
+- test2304: verify websocket handling when connection is closed
 
-- Revert "GHA: add scorecard.yml"
+- server/sws: if asked to close connection, skip the websocket handling
 
-  This reverts commit ca76c79b34f9d90105674a2151bf228ff7b13bef.
+- ws: if no connection is around, return error
 
-- GHA: add scorecard.yml
+  - curl_ws_send returns CURLE_SEND_ERROR if data->conn is gone
 
-  add a "scorecard" scanner job
+  - curl_ws_recv returns CURLE_GOT_NOTHING on connection close
 
-Lorenzo Miniero (9 Nov 2022)
+  - curl_ws_recv.3: mention new return code for connection close + example
+    embryo
 
-- test3100: RTSP Basic authentication
+  Closes #10084
 
-  Closes #9449
+Emil Engler (13 Dec 2022)
 
-Daniel Stenberg (9 Nov 2022)
+- docs: extend the dump-header documentation
 
-- rtsp: fix RTSP auth
+  This commit extends the documentation of the --dump-header command-line
+  option to reflect the behavior introduced in 8b1e5df7.
 
-  Verified with test 3100
+  See #10079
+  Closes #10085
 
-  Fixes #4750
-  Closes #9870
+Daniel Stenberg (12 Dec 2022)
 
-- KNOWN_BUGS: remove eight entries
+- RELEASE-NOTES: synced
 
-  - 1.2 Multiple methods in a single WWW-Authenticate: header
+- styled-output.d: this option does not work on Windows
 
-  This is not considered a bug anymore but a restriction and one that we
-  keep because we have NEVER gotten this reported by users in the wild and
-  because of this I consider this a fringe edge case we don't need to
-  support.
+  Reported-by: u20221022 on github
 
-  - 1.6 Unnecessary close when 401 received waiting for 100
+  Fixes #10082
+  Closes #10083
 
-  This is not a bug, but possibly an optimization that *can* be done.
+Emil Engler (12 Dec 2022)
 
-  - 1.7 Deflate error after all content was received
+- tool: determine the correct fopen option for -D
 
-  This is not a curl bug. This happens due to broken servers.
+  This commit fixes a bug in the dump-header feature regarding the
+  determination of the second fopen(3) option.
 
-  - 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
+  Reported-by: u20221022 on github
 
-  This is not a bug. This is just the nature of the implementation.
+  See #4753
+  See #4762
+  Fixes #10074
+  Closes #10079
 
-  - 2.2 DER in keychain
+Christian Schmitz (11 Dec 2022)
 
-  This is not a bug.
+- docs/curl_ws_send: Fixed typo in websocket docs
 
-  - 5.7 Visual Studio project gaps
+  Replace as with is in relevant sentences.
 
-  This is not a bug.
+  Closes: #10081
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-  - 15.14 cmake build is not thread-safe
+Prithvi MK (11 Dec 2022)
 
-  Fixed in 109e9730ee5e2b
+- c-hyper: fix multi-request mechanism
 
-  - 11.3 Disconnects do not do verbose
+  It makes test 565 run fine.
 
-  This is not a bug.
+  Fixes #8896
+  Closes #10080
+  Assisted-by: Daniel Stenberg
 
-  Closes #9871
+Andy Alt (11 Dec 2022)
 
-Hirotaka Tagawa (9 Nov 2022)
+- page-header: grammar improvement (display transfer rate)
 
-- headers: add endif comments
+  Closes #10068
 
-  Closes #9853
+- docs/DEPRECATE.md: grammar improvement and sp correction
 
-Daniel Stenberg (8 Nov 2022)
+  The main thing I wanted to do was fix the spelling of "spent", but I
+  think this rewording improves the flow of the paragraph.
 
-- test1221: verify --url-query
+  Closes #10067
 
-- curl: add --url-query
+Boris Verkhovskiy (11 Dec 2022)
 
-  This option adds a piece of data, usually a name + value pair, to the
-  end of the URL query part. The syntax is identical to that used for
-  --data-urlencode with one extension:
+- tool_cfgable: make socks5_gssapi_nec a boolean
 
-  If the argument starts with a '+' (plus), the rest of the string is
-  provided as-is unencoded.
+  Closes #10078
 
-  This allows users to "build" query parts with options and URL encoding
-  even when not doing GET requests, which the already provided option -G
-  (--get) is limited to.
+Frank Gevaerts (9 Dec 2022)
 
-  This idea was born in a Twitter thread.
+- contributors.sh: actually use $CURLWWW instead of just setting it.
 
-  Closes #9691
+  The script was all set up for flexibility where curl-www is elsewhere in
+  the filesystem, but then hard-coded ../curl-www anyway...
 
-- maketgz: set the right version in lib/libcurl.plist
+  Closes #10064
 
-  Follow-up to e498a9b1fe5964a18eb2a3a99dc52
+Daniel Stenberg (9 Dec 2022)
 
-  Make sure the tarball gets a version of the libcurl.plist file that is
-  updated with the new version string.
+- KNOWN_BUGS: remove items not considered bugs any more
 
-  Reported-by: jvreelanda on github
-  Fixes #9866
-  Closes #9867
+  - CURL_GLOBAL_SSL
 
-- RELEASE-NOTES: synced
+  This option was changed in libcurl 7.57.0 and clearly it has not caused
+  too many issues and a lot of time has passed.
 
-  Bumped version to 7.87.0
+  - Store TLS context per transfer instead of per connection
 
-Michael Drake (8 Nov 2022)
+  This is a possible future optimization. One that is much less important
+  and interesting since the added support for CA caching.
 
-- curl.h: add CURLOPT_CA_CACHE_TIMEOUT option
+  - Microsoft telnet server
 
-  Adds a new option to control the maximum time that a cached
-  certificate store may be retained for.
+  This bug was filed in May 2007 against curl 7.16.1 and we have not
+  received further reports.
 
-  Currently only the OpenSSL backend implements support for
-  caching certificate stores.
+  - active FTP over a SOCKS
 
-  Closes #9620
+  Actually, proxies in general is not working with active FTP mode. This
+  is now added in proxy documentation.
 
-- openssl: reduce CA certificate bundle reparsing by caching
+  - DICT responses show the underlying protocol
 
-  Closes #9620
+  curl still does this, but since this is now an established behavior
+  since forever we cannot change it easily and adding an option for it
+  seems crazy as this protocol is not so little its not worth it. Let's
+  just live with it.
 
-Rose (8 Nov 2022)
+  - Secure Transport disabling hostname validation also disables SNI
 
-- lib: fix some type mismatches and remove unneeded typecasts
+  This is an already documented restriction in Secure Transport.
 
-  Many of these castings are unneeded if we change the variables to work
-  better with each other.
+  - CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
 
-  Ref: https://github.com/curl/curl/pull/9823
+  The curl_formadd() function is marked and documented as deprecated. No
+  point in collecting bugs for it. It should not be used further.
 
-  Closes https://github.com/curl/curl/pull/9835
+  - STARTTRANSFER time is wrong for HTTP POSTs
 
-Daniel Stenberg (8 Nov 2022)
+  After close source code inspection I cannot see how this is true or that
+  there is any special treatment for different HTTP methods. We also have
+  not received many further reports on this, making me strongly suspect
+  that this is no (longer an) issue.
 
-- cookie: compare cookie prefixes case insensitively
+  - multipart formposts file name encoding
 
-  Adapted to language in rfc6265bis draft-11.
+  The once proposed RFC 5987-encoding is since RFC 7578 documented as MUST
+  NOT be used. The since then implemented MIME API allows the user to set
+  the name on their own and can thus provide it encoded as it wants.
 
-  Closes #9863
+  - DoH is not used for all name resolves when enabled
 
-  Reviewed-by: Daniel Gustafsson
+  It is questionable if users actually want to use DoH for interface and
+  FTP port name resolving. This restriction is now documented and we
+  advice users against using name resolving at all for these functions.
 
-- tool_operate: when aborting, make sure there is a non-NULL error buffer
+  Closes #10043
 
-  To store custom errors in. Or SIGSEGVs will follow.
+- CURLOPT_COOKIEFILE.3: advice => advise
 
-  Reported-by: Trail of Bits
-  Closes #9865
+  Closes #10063
 
-- WEBSOCKET.md: fix broken link
+  Reviewed-by: Daniel Gustafsson
 
-  Reported-by: Felipe Gasper
-  Bug: https://curl.se/mail/lib-2022-10/0097.html
-  Closes #9864
+Daniel Gustafsson (9 Dec 2022)
 
-- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
+- curl.h: reword comment to not use deprecated option
 
-  Reported-by: Oskar Sigvardsson
+  CURLOPT_INFILE was replaced by CURLOPT_READDATA in 7.9.7,  reword the
+  comment mentioning it to make code grepping easier as well as improve
+  the documentation.
 
-  Bug: https://curl.se/mail/lib-2022-11/0016.html
+  Closes: #10062
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  Closes #9862
+Ryan Schmidt (9 Dec 2022)
 
-Stefan Eissing (7 Nov 2022)
+- system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
 
-- websockets: fix handling of partial frames
+  Change "__MWERKS__" to "macintosh". When this block was originally added
+  in 3ac6929 it was probably intended to handle classic Mac OS since the
+  previous classic Mac OS build procedure for curl (which was removed in
+  bf327a9) used Metrowerks CodeWarrior.
 
-  buffer used and send length calculations are fixed when a partial
-  websocket frame has been received.
+  But there are other classic Mac OS compilers, such as the MPW compilers,
+  that were not handled by this case. For classic Mac OS,
+  CURL_TYPEOF_CURL_SOCKLEN_T needs to match what's provided by the
+  third-party GUSI library, which does not vary by compiler.
 
-  Closes #9861
+  Meanwhile CodeWarrior works on platforms other than classic Mac OS, and
+  they may need different definitions. Separate blocks could be added
+  later for any of those platforms that curl doesn't already support.
 
-Daniel Stenberg (7 Nov 2022)
+  Closes #10049
 
-- mailmap: unify Stefan Eissing
+- vms: remove SIZEOF_SHORT
 
-Stefan Eissing (7 Nov 2022)
+  The rest of SIZEOF_SHORT was removed in d48dd15.
 
-- hyper: fix handling of hyper_task's when reusing the same address
+  See #9291
+  Closes #10061
 
-  Fixes #9840
-  Closes #9860
+Daniel Gustafsson (8 Dec 2022)
 
-Jay Satiro (7 Nov 2022)
+- tool_formparse: avoid clobbering on function params
 
-- ws: return CURLE_NOT_BUILT_IN when websockets not built in
+  While perfectly legal to do, clobbering function parameters and using
+  them as local variables is confusing at best and rarely improves code
+  readability.  Fix by using a local variable instead, no functionality
+  is changed.
 
-  - Change curl_ws_recv & curl_ws_send to return CURLE_NOT_BUILT_IN when
-    websockets support is not built in.
+  This also renames the parameter from data to mime_data since the term
+  data is (soft) reserved for the easy handle struct.
 
-  Prior to this change they returned CURLE_OK.
+  Closes: #10046
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  Closes #9851
+- noproxy: guard against empty hostnames in noproxy check
 
-Daniel Stenberg (7 Nov 2022)
+  When checking for a noproxy setting we need to ensure that we get
+  a hostname passed in. If there is no hostname then there cannot be
+  a matching noproxy rule for it by definition.
 
-- noproxy: tailmatch like in 7.85.0 and earlier
+  Closes: #10057
+  Reported-by: Geeknik Labs
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
-  differently than before. This restores the logic to how it used to work:
+Daniel Stenberg (8 Dec 2022)
 
-  All names listed in NO_PROXY are tailmatched against the used domain
-  name, if the lengths are identical it needs a full match.
+- c-hyper: CONNECT respones are not server responses
 
-  Update the docs, update test 1614.
+  Together with d31915a8dbbd it makes test 265 run fine.
 
-  Reported-by: Stuart Henderson
-  Fixes #9842
-  Closes #9858
+  Fixes #8853
+  Assisted-by: Prithvi MK
+  Assisted-by: Sean McArthur
+  Closes #10060
 
-- configure: require fork for NTLM-WB
+- test265: Use "connection: keep-alive" response header
 
-  Reported-by: ウさん
+  When it answers as HTTP/1.0, so that clients (hyper) knows properly that
+  the connection remains intact.
 
-  Fixes #9847
-  Closes #9856
+- RELEASE-NOTES: synced
 
-- docs/EARLY-RELEASE.md: how to determine an early release
+Stefan Eissing (8 Dec 2022)
 
-  URL: https://curl.se/mail/lib-2022-10/0079.html
+- cfilter: improve SSL connection checks
 
-  Closes #9820
+  - fixes `Curl_ssl_cf_get_ssl()` to detect also the first filter instance
+    as ssl (refs #10053)
 
-- RELEASE-NOTES: synced
+  - replaces `Curl_ssl_use()` with the correct `Curl_conn_is_ssl()`
 
-Zespre Schmidt (3 Nov 2022)
+  Closes #10054
+  Fixes #10053
 
-- docs: add missing parameters for --retry flag
+  Reported-by: Patrick Monnerat
 
-  Closes #9848
+Daniel Stenberg (8 Dec 2022)
 
-Adam Averay (3 Nov 2022)
+- runtests: silence nghttpx errors
 
-- libcurl-errors.3: remove duplicate word
+  Also, move the output of the nghttpx_h3 info to the general "Env:" line
+  in the test output header.
 
-  Closes #9846
+  Reported-by: Marcel Raad
+  Ref: https://github.com/curl/curl/commit/ca15b7512e8d1199e55fbaa206ef01e64b8f
+  147d#commitcomment-92015094
+  Closes #10044
 
-Eric Vigeant (3 Nov 2022)
+Ryan Schmidt (7 Dec 2022)
 
-- cur_path: do not add '/' if homedir ends with one
+- config-mac: define HAVE_SYS_IOCTL_H
 
-  When using SFTP and a path relative to the user home, do not add a
-  trailing '/' to the user home dir if it already ends with one.
+  This is needed to compile nonblock.c on classic Mac OS with Grand
+  Unified Socket Interface (GUSI) because nonblock.c uses FIONBIO which is
+  defined in <sys/filio.h> which is included by <sys/ioctl.h>.
 
-  Closes #9844
+  Ref: https://sourceforge.net/projects/gusi/
 
-Viktor Szakats (1 Nov 2022)
+  Closes https://github.com/curl/curl/pull/10042
 
-- windows: fail early with a missing windres in autotools
+Philip Heiduck (7 Dec 2022)
 
-  `windres` is not always auto-detected by autotools when building for
-  Windows. When this happened, the build failed with a confusing error due
-  to the empty `RC` command:
+- CI: Change FreeBSD image from 12.3 to 12.4
 
-  ```
-  /bin/bash ../libtool --tag=RC --mode=compile  -I../include -DCURL_EMBED_MANIF
-  EST  -i curl.rc -o curl.o
-  [...]
-  Usage: /sandbox/curl/libtool [OPTION]... [MODE-ARG]...
-  Try 'libtool --help' for more information.
-  libtool:   error: unrecognised option: '-I../include'
-  ```
+  Ref: https://www.phoronix.com/news/FreeBSD-12.4-Released
 
-  Improve this by verifying if `RC` is set, and fail with a clear error
-  otherwise.
+  Closes https://github.com/curl/curl/pull/10051
 
-  Follow-up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
+Ryan Schmidt (7 Dec 2022)
 
-  Ref: https://curl.se/mail/lib-2022-10/0049.html
-  Reported-by: Thomas Glanzmann
-  Closes #9781
+- test1421: fix typo
 
-- lib: sync guard for Curl_getaddrinfo_ex() definition and use
+  Closes https://github.com/curl/curl/pull/10055
 
-  `Curl_getaddrinfo_ex()` gets _defined_ with `HAVE_GETADDRINFO` set. But,
-  `hostip4.c` _used_ it with `HAVE_GETADDRINFO_THREADSAFE` set alone. It
-  meant a build with the latter, but without the former flag could result
-  in calling this function but not defining it, and failing to link.
+Jay Satiro (7 Dec 2022)
 
-  Patch this by adding an extra check for `HAVE_GETATTRINFO` around the
-  call.
+- build: assume errno.h is always available
 
-  Before this patch, build systems prevented this condition. Now they
-  don't need to.
+  - Remove errno.h detection from all build configurations.
 
-  While here, simplify the related CMake logic on Windows by setting
-  `HAVE_GETADDRINFO_THREADSAFE` to the detection result of
-  `HAVE_GETADDRINFO`. This expresses the following intent clearer than
-  the previous patch and keeps the logic in a single block of code:
-  When we have `getaddrinfo()` on Windows, it's always threadsafe.
+  errno.h is a standard header according to C89.
 
-  Follow-up to 67d88626d44ec04b9e11dca4cfbf62cd29fe9781
+  Closes https://github.com/curl/curl/pull/9986
 
-  Reviewed-by: Jay Satiro
-  Closes #9734
+- build: assume assert.h is always available
 
-- tidy-up: process.h detection and use
+  - Remove assert.h detection from all build configurations.
 
-  This patch aims to cleanup the use of `process.h` header and the macro
-  `HAVE_PROCESS_H` associated with it.
+  assert.h is a standard header according to C89.
 
-  - `process.h` is always available on Windows. In curl, it is required
-    only for `_beginthreadex()` in `lib/curl_threads.c`.
+  I had proposed this several years ago as part of a larger change that
+  was abandoned.
 
-  - `process.h` is also available in MS-DOS. In curl, its only use was in
-    `lib/smb.c` for `getpid()`. But `getpid()` is in fact declared by
-    `unistd.h`, which is always enabled via `lib/config-dos.h`. So the
-    header is not necessary.
+  Ref: https://github.com/curl/curl/issues/1237#issuecomment-277500720
 
-  - `HAVE_PROCESS_H` was detected by CMake, forced to 1 on Windows and
-    left to real detection for other platforms.
-    It was also set to always-on in `lib/config-win32.h` and
-    `lib/config-dos.h`.
-    In autotools builds, there was no detection and the macro was never
-    set.
+  Closes https://github.com/curl/curl/pull/9985
 
-  Based on these observations, in this patch we:
+Philip Heiduck (7 Dec 2022)
 
-  - Rework Windows `getpid` logic in `lib/smb.c` to always use the
-    equivalent direct Win32 API function `GetCurrentProcessId()`, as we
-    already did for Windows UWP apps. This makes `process.h` unnecessary
-    here on Windows.
+- CI: LGTM.com will be shut down in December 2022
 
-  - Stop #including `process.h` into files where it was not necessary.
-    This is everywhere, except `lib/curl_threads.c`.
+  Closes #10052
 
-    > Strangely enough, `lib/curl_threads.c` compiled fine with autotools
-    > because `process.h` is also indirecty included via `unistd.h`. This
-    > might have been broken in autotools MSVC builds, where the latter
-    > header is missing.
+Daniel Stenberg (6 Dec 2022)
 
-  - Delete all remaining `HAVE_PROCESS_H` feature guards, for they were
-    unnecessary.
+- mailmap: Andy Alt
 
-  - Delete `HAVE_PROCESS_H` detection from CMake and predefined values
-    from `lib/config-*.h` headers.
+Andy Alt (6 Dec 2022)
 
-  Reviewed-by: Jay Satiro
-  Closes #9703
+- misc: Fix incorrect spelling
 
-Daniel Stenberg (1 Nov 2022)
+  Fix various uses of connnect by replacing them with connect.
 
-- lib1301: unit103 turned into a libtest
+  Closes: #10045
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-  It is not a unit test so moved over to libtests.
+Stefan Eissing (6 Dec 2022)
 
-- strcase: use curl_str(n)equal for case insensitive matches
+- wolfssl: remove special BIO return code handling
 
-  No point in having two entry points for the same functions.
+  - rely solely on the retry flag in BIO, similar to OpenSSL vtls
+    implementation.
 
-  Also merged the *safe* function treatment into these so that they can
-  also be used when one or both pointers are NULL.
+  Ref: https://github.com/curl/curl/pull/10021#issuecomment-1336147053
 
-  Closes #9837
+  Closes #10033
 
-- README.md: remove badges and xmas-tree garnish
+Daniel Stenberg (6 Dec 2022)
 
-  URL: https://curl.se/mail/lib-2022-10/0050.html
+- openssl: return -1 on error in the BIO callbacks
 
-  Closes #9833
+  BIO_read and BIO_write return negative numbers on error, including
+  retryable ones. A regression from 55807e6. Both branches should be
+  returning -1.
 
-Patrick Monnerat (1 Nov 2022)
+  The APIs are patterned after POSIX read and write which, similarly,
+  return -1 on errors, not zero, with EAGAIN treated as an error.
 
-- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
+  Bug: https://github.com/curl/curl/issues/10013#issuecomment-1335308146
+  Reported-by: David Benjamin
+  Closes #10021
 
-  If a command line option is in many help categories, there is a risk
-  that CURLHELP bitmask source lines generated for listhelp are longer
-  than 79 characters.
+Ryan Schmidt (6 Dec 2022)
 
-  This change takes care of folding such long lines.
+- config-mac: remove HAVE_SYS_SELECT_H
 
-  Cloes #9834
+  When compiling for classic Mac OS with GUSI, there is no sys/select.h.
+  GUSI provides the "select" function prototype in sys/time.h.
 
-Marc Hoersken (30 Oct 2022)
+  Closes #10039
 
-- CI/cirrus: remove superfluous double-quotes and sudo
+- setup: do not require __MRC__ defined for Mac OS 9 builds
 
-  Follow up to #9565 and #9677
-  Closes #9738
+  Partially reverts "somewhat protect Mac OS X users from using Mac OS 9
+  config file", commit 62519bfe059251af2914199f284c736553ff0489.
 
-- tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
+  Do things that are specific to classic Mac OS (i.e. include config-mac.h
+  in curl_setup.h and rename "main" to "curl_main" in tool_setup.h) when
+  only "macintosh" is defined. Remove the additional condition that
+  "__MRC__" should be defined since that would only be true with the MPW
+  MrC compiler which prevents the use of other reasonable compilers like
+  the MPW SC compiler and especially the Metrowerks CodeWarrior compilers.
+  "macintosh" is only defined by classic Mac OS compilers so this change
+  should not affect users of Mac OS X / OS X / macOS / any other OS.
 
-  Ref: #9738
+  Closes #10037
 
-Daniel Stenberg (30 Oct 2022)
+- curl.h: name all public function parameters
 
-- style: use space after comment start and before comment end
+  Most public function parameters already have names; this adds those
+  that were missing.
 
-  /* like this */
+  Closes #10036
 
-  /*not this*/
+Andy Alt (6 Dec 2022)
 
-  checksrc is updated accordingly
+- docs/examples: spell correction ('Retrieve')
 
-  Closes #9828
+  Closes #10040
 
-Patrick Schlangen (30 Oct 2022)
+Daniel Stenberg (6 Dec 2022)
 
-- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
+- unit1302: slightly extended
 
-  This note became obsolete since PR #7892 (see also discussion in the PR
-  comments).
-
-  Closes #9832
-
-Daniel Stenberg (30 Oct 2022)
-
-- tests/server: make use of strcasecompare from lib/
-
-  ... instead of having a second private implementation.
+  To test more base64 decoding
 
-  Idea triggered by #9830
+- base64: faster base64 decoding
 
-  Closes #9831
+  - by using a lookup table instead of strchr()
+  - by doing full quantums first, then padding
 
-- curl: timeout in the read callback
+  Closes #10032
 
-  The read callback can timeout if there's nothing to read within the
-  given maximum period. Example use case is when doing "curl -m 3
-  telnet://example.com" or anything else that expects input on stdin or
-  similar that otherwise would "hang" until something happens and then not
-  respect the timeout.
+Michael Musset (6 Dec 2022)
 
-  This fixes KNOWN_BUG 8.1, first filed in July 2009.
+- libssh2: return error when ssh_hostkeyfunc returns error
 
-  Bug: https://sourceforge.net/p/curl/bugs/846/
+  return CURLE_PEER_FAILED_VERIFICATION if verification with the callback
+  return a result different than CURLKHMATCH_OK
 
-  Closes #9815
+  Closes #10034
 
-- noproxy: fix tail-matching
+Viktor Szakats (5 Dec 2022)
 
-  Also ignore trailing dots in both host name and comparison pattern.
+- Makefile.mk: improve a GNU Make hack [ci skip]
 
-  Regression in 7.86.0 (from 1e9a538e05c0)
+  Replace the hack of using `$() ` to represent a single space. The new
+  method silences the `--warn-undefined-variables` debug warning and it's
+  also a better-known form of solving this problem.
 
-  Extended test 1614 to verify better.
+  Reviewed-by: Jay Satiro
+  Closes #10031
 
-  Reported-by: Henning Schild
-  Fixes #9821
-  Closes #9822
+Daniel Stenberg (5 Dec 2022)
 
-- docs: explain the noproxy CIDR notation support
+- tests/unit/.gitignore: ignore all unit + 4 digits files
 
-  Follow-up to 1e9a538e05c0107c
+- base64: encode without using snprintf
 
-  Closes #9818
+  For speed. In some tests, this approch is 29 times faster!
 
-Jon Rumsey (27 Oct 2022)
+  Closes #10026
 
-- os400: use platform socklen_t in Curl_getnameinfo_a
+- base64: better alloc size
 
-  Curl_getnameinfo_a() is prototyped before including curl.h as an
-  ASCII'fied wrapper for getnameinfo(), which itself is prototyped with
-  socklen_t arguments, so this should use the platform socklen_t and not
-  curl_socklen_t too.
+  The previous algorithm allocated more bytes than necessary.
 
-  Update setup-os400.h
+  Suggested-by: xtonik on github
+  Fixes #10024
+  Closes #10025
 
-  Fixes #9811
-  Closes #9812
+Ryan Schmidt (5 Dec 2022)
 
-Daniel Stenberg (27 Oct 2022)
+- config-mac: fix typo: size_T -> size_t
 
-- noproxy: also match with adjacent comma
+  Both MPW and CodeWarrior compilers complained about this.
 
-  If the host name is an IP address and the noproxy string contained that
-  IP address with a following comma, it would erroneously not match.
+  Closes #10029
 
-  Extended test 1614 to verify this combo as well.
+Daniel Stenberg (3 Dec 2022)
 
-  Reported-by: Henning Schild
+- RELEASE-NOTES: synced
 
-  Fixes #9813
-  Closes #9814
+Jakub Zakrzewski (2 Dec 2022)
 
-Randall S. Becker (27 Oct 2022)
+- CMake: fix build with `CURL_USE_GSSAPI`
 
-- build: fix for NonStop
+  CMAKE_*_LINKER_FLAGS must be a string but GSS_LINKER_FLAGS is a list, so
+  we need to replace semicolons with spaces when setting those.
 
-  - Include arpa/inet.h in all units where htonl is called.
+  Fixes #9017
+  Closes #1022
 
-  Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
+Max Dymond (2 Dec 2022)
 
-  Closes https://github.com/curl/curl/pull/9816
+- ci: Reuse fuzzing snippet from curl-fuzzer project
 
-- system.h: support 64-bit curl_off_t for NonStop 32-bit
+Diogo Teles Sant'Anna (2 Dec 2022)
 
-  - Correctly define curl_off_t on NonStop (ie __TANDEM) ia64 and x86 for
-    32-bit builds.
+- GHA: clarify workflows permissions, set least possible privilege
 
-  Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
+  Set top-level permissions to None on all workflows, setting per-job
+  permissions. This avoids that new jobs inherit unwanted permissions.
 
-  Closes https://github.com/curl/curl/pull/9817
+  Discussion: https://curl.se/mail/lib-2022-11/0028.html
 
-Daniel Stenberg (27 Oct 2022)
+  Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
 
-- spellcheck.words: remove 'github' as an accepted word
+  Closes #9928
 
-  Prefer the properly cased version: GitHub
+Viktor Szakats (2 Dec 2022)
 
-  Use markdown for links and GitHub in text.
+- Makefile.mk: address minor issues
 
-  Closes #9810
+  - Fix `NROFF` auto-detection with certain shell/make-build combinations:
 
-Ayesh Karunaratne (27 Oct 2022)
+    When a non-MSYS2 GNU Make runs inside an MSYS2 shell, Make executes
+    the detection command as-is via `CreateProcess()`. It fails because
+    `command` is an `sh` built-in. Ensure to explicitly invoke the shell.
 
-- misc: typo and grammar fixes
+  - Initialize user-customizable variables:
 
-  - Replace `Github` with `GitHub`.
-  - Replace `windows` with `Windows`
-  - Replace `advice` with `advise` where a verb is used.
-  - A few fixes on removing repeated words.
-  - Replace `a HTTP` with `an HTTP`
+    Silences a list of warnings when running GNU Make with the option
+    `--warn-undefined-variables`. Another benefit is that it's now easy
+    to look up all user-customizable `Makefile.mk` variables by grepping
+    for ` ?=` in the curl source tree.
 
-  Closes #9802
+    Suggested-by: Gisle Vanem
+    Ref: https://github.com/curl/curl/pull/9764#issuecomment-1330674433
 
-Viktor Szakats (27 Oct 2022)
+  - Fix `MKDIR` invocation:
 
-- windows: fix linking .rc to shared curl with autotools
+    Avoid a warning and potential issue in envs without forward-slash
+    support.
 
-  `./configure --enable-shared --disable-static` fails when trying to link
-  a shared `curl.exe`, due to `libtool` magically changing the output
-  filename of `windres` to one that it doesn't find when linking:
+  Closes #10000
 
-  ```
-  /bin/sh ../libtool --tag=RC --mode=compile windres -I../../curl/include -DCUR
-  L_EMBED_MANIFEST  -i ../../curl/src/curl.rc -o curl.o
-  libtool: compile:  windres -I../../curl/include -DCURL_EMBED_MANIFEST -i ../.
-  ./curl/src/curl.rc  -o .libs/curl.o
-  [...]
-  CCLD     curl.exe
-  clang: error: no such file or directory: 'curl.o'
-  ```
+Rob de Wit (2 Dec 2022)
 
-  Let's resolve this by skipping `libtool` and calling `windres` directly
-  when building `src` (aka `curl.exe`). Leave `lib` unchanged, as it does
-  need the `libtool` magic. This solution is compatible with building
-  a static `curl.exe`.
+- curl_get_line: allow last line without newline char
 
-  This build scenario is not CI-tested.
+  improve backwards compatibility
 
-  While here, delete an obsolete comment about a permanent `libtool`
-  warning that we've resolved earlier.
+  Test 3200 verifies
 
-  Regression from 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
+  Closes #9973
 
-  Reported-by: Christoph Reiter
-  Fixes #9803
-  Closes #9805
+Daniel Stenberg (2 Dec 2022)
 
-- cmake: really enable warnings with clang
+- cookie: open cookie jar as a binary file
 
-  Even though `PICKY_COMPILER=ON` is the default, warnings were not
-  enabled when using llvm/clang, because `CMAKE_COMPILER_IS_CLANG` was
-  always false (in my tests at least).
+  On Windows there is a difference and for text files, ^Z means end of
+  file which is not desirable.
 
-  This is the single use of this variable in curl, and in a different
-  place we already use `CMAKE_C_COMPILER_ID MATCHES "Clang"`, which works
-  as expected, so change the condition to use that instead.
+  Ref: #9973
+  Closes #10017
 
-  Also fix the warnings uncovered by the above:
+- runtests: only do CRLF replacements for hyper if it is HTTP
 
-  - lib: add casts to silence clang warnings
+  Closes #10016
 
-  - schannel: add casts to silence clang warnings in ALPN code
+Stefan Eissing (1 Dec 2022)
 
-    Assuming the code is correct, solve the warnings with a cast.
-    This particular build case isn't CI tested.
+- openssl: fix for BoringSSL BIO result interpretation mixups
 
-    There is a chance the warning is relevant for some platforms, perhaps
-    Windows 32-bit ARM7.
+  Reported-by: Robin Marx
+  Fixes #10013
+  Closes #10015
 
-  Closes #9783
+Max Dymond (1 Dec 2022)
 
-Joel Depooter (26 Oct 2022)
+- ci: Remove zuul fuzzing job as it's superseded by CIFuzz
 
-- sendf: remove unnecessary if condition
+Daniel Stenberg (1 Dec 2022)
 
-  At this point, the psnd->buffer will always exist. We have already
-  allocated a new buffer if one did not previously exist, and returned
-  from the function if the allocation failed.
+- runtests: do CRLF replacements per section only
 
-  Closes #9801
+  The `crlf="yes"` attribute and "hyper mode" are now only applied on a
+  subset of dedicated sections: data, datacheck, stdout and protocol.
 
-Viktor Szakats (26 Oct 2022)
+  Updated test 2500 accordingly.
 
-- winidn: drop WANT_IDN_PROTOTYPES
+  Also made test1 use crlf="yes" for <protocol>, mostly because it is
+  often used as a template test case. Going forward, using this attribute
+  we should be able to write test cases using linefeeds only and avoid
+  mixed line ending encodings.
 
-  `WANT_IDN_PROTOTYPES` was necessary to avoid using a header that came
-  via an optional package. MS stopped distributing this package some
-  years ago and the winidn definitions are part of standard headers (via
-  `windows.h`) since Vista.
+  Follow-up to ca15b7512e8d11
 
-  Auto-detect Vista inside `lib/idn_win32.c` and enable the manual
-  definitions if building for an older Windows.
+  Fixes #10009
+  Closes #10010
 
-  This allows to delete this manual knob from all build-systems.
+Stefan Eissing (1 Dec 2022)
 
-  Also drop the `_SAL_VERSION` sub-case:
+- gnutls: use common gnutls init and verify code for ngtcp2
 
-  Our manual definitions are now only enabled with old systems. We assume
-  that code analysis is not run on such systems, allowing us to delete the
-  SAL-friendly flavour of these.
+  Closes #10007
 
-  Reviewed-by: Jay Satiro
-  Closes #9793
+Baitinq on github (1 Dec 2022)
 
-Daniel Stenberg (26 Oct 2022)
+- aws_sigv4: fix typos in aws_sigv4.c
 
-- misc: remove duplicated include files
+  Closes #10008
 
-  Closes #9796
+Kenneth Myhra (30 Nov 2022)
 
-- scripts/checksrc.pl: detect duplicated include files
+- curl.h: include <sys/select.h> on SerenityOS
 
-  After an idea by Dan Fandrich in #9794
+  Closes #10006
 
-  Closes #9796
+Daniel Stenberg (30 Nov 2022)
 
-- RELEASE-NOTES: synced
+- openssl: prefix errors with '[lib]/[version]: '
 
-  And bumped version to 7.86.1 for now
+  To help users understand where this (cryptic) error message comes from.
 
-- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
+  Suggested-by: Philip Sanetra
+  Ref: #10002
+  Closes #10004
 
-  The removal is brief or long, don't assume.
+Stefan Eissing (30 Nov 2022)
 
-  Reported-by: Luca Niccoli
+- tests: add HTTP/3 test case, custom location for proper nghttpx
 
-  Fixes #9799
-  Closes #9800
+  - adding support for HTTP/3 test cases via a nghttpx server that is
+    build with ngtcp2 and nghttp3.
+  - test2500 is the first test case, performing a simple GET.
+  - nghttpx is checked for support and the 'feature' nghttpx-h3
+    is set accordingly. test2500 will only run, when supported.
+  - a specific nghttpx location can be given in the environment
+    variable NGHTTPX or via the configure option
+      --with-test-nghttpx=<path>
 
-Version 7.86.0 (26 Oct 2022)
+  Extend NGHTTPX config to H2 tests as well
 
-Daniel Stenberg (26 Oct 2022)
+  * use $ENV{NGHTTPX} and the configured default also in http2 server starts
+  * always provide the empty test/nghttpx.conf to nghttpx. as it defaults to
+    reading /etc/nghttpx/nghttpx.conf otherwise.
 
-- RELEASE: synced
+  Added nghttpx to CI ngtcp2 jobs to run h3 tests.
 
-  The 7.86.0 release
+  Closes #9031
 
-- THANKS: added from the 7.86.0 release
+Daniel Stenberg (30 Nov 2022)
 
-Viktor Szakats (25 Oct 2022)
+- RELEASE-NOTES: synced
 
-- noproxy: include netinet/in.h for htonl()
+  Removed duplicate after contributors.sh fix: 9967c10b6daa1
 
-  Solve the Amiga build warning by including `netinet/in.h`.
+- scripts/contributors.sh: strip one OR MORE leading spaces
 
-  `krb5.c` and `socketpair.c` are using `htonl()` too. This header is
-  already included in those sources.
+  From names found credited in commit logs
 
-  Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
+- RELEASE-NOTES: synced
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9787
+- openssl/mbedtls: use %d for outputing port with failf (int)
 
-Marc Hoersken (24 Oct 2022)
+  Coverity CID 1517100
 
-- CI: fix AppVeyor status failing for starting jobs
+  Also, remove some int typecasts in vtls.c for the port number
 
-Daniel Stenberg (24 Oct 2022)
+  Closes #10001
 
-- test445: verifies the protocols-over-http-proxy flaw and fix
+- KNOWN_BUGS: remove "Multi perform hangs waiting for threaded resolver"
 
-- http_proxy: restore the protocol pointer on error
+  We now offer a way to avoid that hang, using CURLOPT_QUICK_EXIT.
 
-  Reported-by: Trail of Bits
+  Follow-up to 49798cac832ab1 fixed via #9147
 
-  Closes #9790
+  Closes #9999
 
-- multi: remove duplicate include of connect.h
+- KNOWN_BUGS: remove "--interface for ipv6 binds to unusable IP address"
 
-  Reported-by: Martin Strunz
-  Fixes #9794
-  Closes #9795
+  Since years back the "if2ip" function verifies that it binds to a local IPv6
+  address that uses the same scope as the remote address.
 
-Daniel Gustafsson (24 Oct 2022)
+  This is not a bug.
 
-- idn: fix typo in test description
+  Fixes #686
+  Closes #9998
 
-  s/enabked/enabled/i
+- test1276: verify lib/optiontable.pl
 
-Daniel Stenberg (24 Oct 2022)
+  Checks that it generates an output identical to the file.
 
-- url: use IDN decoded names for HSTS checks
+- lib/optiontable.pl: adapt to CURLOPTDEPRECATED()
 
-  Reported-by: Hiroki Kurosawa
+  Follow-up from 6967571bf20624bc
 
-  Closes #9791
+  Reported-by: Gisle Vanem
 
-- unit1614: fix disabled-proxy build
+  Fixes #9992
+  Closes #9993
 
-  Follow-up to 1e9a538e05c01
+- docs/INSTALL.md: list OSes and CPUs quoted
 
-  Closes #9792
+  to make them skip spellcheck. Also added a new CPU.
 
-Daniel Gustafsson (24 Oct 2022)
+  Follow-up to 4506cbf7f24a2a
 
-- cookies: optimize control character check
+  Closes #9997
 
-  When checking for invalid octets the strcspn() call will return the
-  position of the first found invalid char or the first NULL byte.
-  This means that we can check the indicated position in the search-
-  string saving a strlen() call.
+Ikko Ashimine (28 Nov 2022)
 
-  Closes: #9736
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+- vtls: fix typo in vtls_int.h
 
-Daniel Stenberg (24 Oct 2022)
+  paramter -> parameter
 
-- netrc: replace fgets with Curl_get_line
+  Closes: #9996
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-  Make the parser only accept complete lines and avoid problems with
-  overly long lines.
+Daniel Stenberg (28 Nov 2022)
 
-  Reported-by: Hiroki Kurosawa
+- curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
 
-  Closes #9789
+  As OpenSSL's include files are all included using <openssl/*.h> in curl
+  source code, we just risk that existing openssl files will "shadow"
+  include files without path if that path is provided.
 
-- RELEASE-NOTES: add "Planned upcoming removals include"
+  Fixes #9989
+  Closes #9988
 
-  URL: https://curl.se/mail/archive-2022-10/0001.html
+- INSTALL: update operating systems and CPU archs
 
-  Suggested-by: Dan Fandrich
+  Update after recent runs on Twitter/Mastodon and my blog
 
-Viktor Szakats (23 Oct 2022)
+  Closes #9994
 
-- ci: bump to gcc-11 for macos
+Stefan Eissing (28 Nov 2022)
 
-  Ref: https://github.blog/changelog/2022-10-03-github-actions-jobs-running-on-
-  macos-latest-are-now-running-on-macos-12/
-  Ref: https://github.com/actions/runner-images/blob/main/images/macos/macos-12
-  -Readme.md
+- tls: backends use connection filters for IO, enabling HTTPS-proxy
 
-  Reviewed-by: Max Dymond
-  Closes #9785
+   - OpenSSL (and compatible)
+   - BearSSL
+   - gnutls
+   - mbedtls
+   - rustls
+   - schannel
+   - secure-transport
+   - wolfSSL (v5.0.0 and newer)
 
-- Makefile.m32: reintroduce CROSSPREFIX and -W -Wall [ci skip]
+   This leaves only the following without HTTPS-proxy support:
+   - gskit
+   - nss
+   - wolfSSL (versions earlier than v5.0.0)
 
-  - Reintroduce `CROSSPREFIX`:
+  Closes #9962
 
-    If set, we add it to the `CC` and `AR` values, and to the _default_
-    value of `RC`, which is `windres`. This allows to control each of
-    these individidually, while also allowing to simplify configuration
-    via `CROSSPREFIX`.
+Daniel Stenberg (28 Nov 2022)
 
-    This variable worked differently earlier. Hopefully this new solution
-    hits a better compromise in usefulness/complexity/flexibility.
+- include/curl/curl.h: bump the deprecated requirements to gcc 6.1
 
-    Follow-up to: aa970c4c08775afcd0c2853be89b0a6f02582d50
+  Reported-by: Michael Kaufmann
+  Fixes #9917
+  Closes #9987
 
-  - Enable warnings again:
+Patrick Monnerat (28 Nov 2022)
 
-    This time with an option to override it via `CFLAGS`. Warnings are
-    also enabled by default in CMake, `makefile.dj` and `makefile.amiga`
-    builds (not in autotools though).
+- mime: relax easy/mime structures binding
 
-    Follow-up to 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
+  Deprecation and removal of codeset conversion support from the library
+  have released the strict need for an early binding of mime structures to
+  an easy handle (https://github.com/curl/curl/commit/2610142).
 
-  Closes #9784
+  This constraint currently forces to create the handle before the mime
+  structure and the latter cannot be attached to another handle once
+  created (see https://curl.se/mail/lib-2022-08/0027.html).
 
-- noproxy: silence unused variable warnings with no ipv6
+  This commit removes the handle pointers from the mime structures
+  allowing more flexibility on their use.
 
-  Follow-up to 36474f1050c7f4117e3c8de6cc9217cfebfc717d
+  When an easy handle is duplicated, bound mime structures must however
+  still be duplicated too as their components hold send-time dynamic
+  information.
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9782
+  Closes #9927
 
-Daniel Stenberg (22 Oct 2022)
+fractal-access (26 Nov 2022)
 
-- test644: verify --xattr (with redirect)
+- test416: verify growing FTP file support
 
-- tool_xattr: save the original URL, not the final redirected one
+  Added setting: RETRSIZE [size] in the <servercmd> section. When set this
+  will cause the test FTP server to return the size set (rather than the
+  actual size) in the acknowledgement from a RETR request.
 
-  Adjusted test 1621 accordingly.
+  Closes #9772
 
-  Reported-by: Viktor Szakats
-  Fixes #9766
-  Closes #9768
+- ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
 
-- docs: make sure libcurl opts examples pass in long arguments
+  When using the option CURLOPT_IGNORE_CONTENT_LENGTH (set.ignorecl in
+  code) to support growing files in FTP, the code should ignore the
+  initial size it gets from the server as this will not be the final size
+  of the file. This is done in ftp_state_quote() to prevent a size request
+  being issued in the initial sequence. However, in a later call to
+  ftp_state_get_resp() the code attempts to get the size of the content
+  again if it doesn't already have it, by parsing the response from the
+  RETR request. This fix prevents this parsing of the response to get the
+  size when the set.ignorecl option is set. This should maintain the size
+  value as -1, unknown, in this situation.
 
-  Reported-by: Sergey
-  Fixes #9779
-  Closes #9780
+  Closes #9772
 
-Marc Hoersken (21 Oct 2022)
+Stefan Eissing (26 Nov 2022)
 
-- CI: fix AppVeyor job links only working for most recent build
+- cfilter: re-add `conn` as parameter to cfilter setup methods
 
-  Ref: https://github.com/curl/curl/pull/9768#issuecomment-1286675916
-  Reported-by: Daniel Stenberg
+  - `Curl_ssl_get_config()` now returns the first config if no SSL proxy
+    filter is active
 
-  Follow up to #9769
+  - socket filter starts connection only on first invocation of its
+    connect method
 
-Viktor Szakats (21 Oct 2022)
+  Fixes #9982
+  Closes #9983
 
-- noproxy: fix builds without AF_INET6
+Daniel Stenberg (26 Nov 2022)
 
-  Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
+- KNOWN_BUGS: remove five FTP related issues
 
-  Reviewed-by: Daniel Stenberg
+  - "FTP with CONNECT and slow server"
 
-  Closes #9778
+  I believe this is not a problem these days.
 
-Daniel Stenberg (21 Oct 2022)
+  - "FTP with NULs in URL parts"
 
-- noproxy: support proxies specified using cidr notation
+  The FTP protocol does not support them properly anyway.
 
-  For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
-  and not with string comparisons.
+  - remove "FTP and empty path parts in the URL"
 
-  Split out the noproxy checks and functionality into noproxy.c
+  I don't think this has ever been reported as a real problem but was only
+  a hypothetical one.
 
-  Added unit test 1614 to verify checking functions.
+  - "Premature transfer end but healthy control channel"
 
-  Reported-by: Mathieu Carbonneaux
+  This is not a bug, this is an optimization that *could* be performed but is
+  not an actual problem.
 
-  Fixes #9773
-  Fixes #5745
-  Closes #9775
+  - "FTP without or slow 220 response"
 
-- urlapi: remove two variable assigns
+  Instead add to the documentation of the connect timeout that the
+  connection is considered complete at TCP/TLS/QUIC layer.
 
-  To please scan-build:
+  Closes #9979
 
-  urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
-          qlen = Curl_dyn_len(&enc);
-          ^      ~~~~~~~~~~~~~~~~~~
-  urlapi.c:1164:9: warning: Value stored to 'query' is never read
-          query = u->query = Curl_dyn_ptr(&enc);
-          ^       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Stefan Eissing (26 Nov 2022)
 
-  Follow-up to 7d6cf06f571d57
-
-  Closes #9777
-
-Jeremy Maitin-Shepard (21 Oct 2022)
-
-- cmake: improve usability of CMake build as a sub-project
-
-  - Renames `uninstall` -> `curl_uninstall`
-  - Ensures all export rules are guarded by CURL_ENABLE_EXPORT_TARGET
-
-  Closes #9638
-
-Don J Olmstead (21 Oct 2022)
+- tests: add authorityInfoAccess to generated certs
 
-- easy_lock: check for HAVE_STDATOMIC_H as well
+  Generate stunnel.pem as well
 
-  The check for `HAVE_STDATOMIC_H` looks to see if the `stdatomic.h`
-  header is present.
+  Closes #9980
 
-  Closes #9755
+Daniel Stenberg (25 Nov 2022)
 
-Daniel Stenberg (21 Oct 2022)
+- runtests: --no-debuginfod now disables DEBUGINFOD_URLS
 
-- RELEASE-NOTES: synced
+  Prior to this change, DEBUGINFOD_URLS was always disabled by runtests
+  due to a report of it slowing down tests. However, some setups need it
+  to fetch debug symbols, and if it is disabled on those systems then curl
+  tests with valgrind will fail.
 
-Brad Harder (20 Oct 2022)
+  Reported-by: Mark Gaiser
 
-- CURLMOPT_PIPELINING.3: dedup manpage xref
+  Ref: #8805
+  Closes #9950
 
-  Closes #9776
+Casey Bodley (25 Nov 2022)
 
-Marc Hoersken (20 Oct 2022)
+- test/aws_sigv4: test cases for content-sha256
 
-- CI: report AppVeyor build status for each job
+  1956 adds the sha256 value corresponding to an empty buffer
+  1957 adds an arbitrary value and confirms that the signature differs from 195
+  6
+  1958 adds whitespace to 1957 and confirms that the signature matches 1957
+  1959 adds a value longer than 'char sha_hex[65]' in Curl_output_aws_sigv4()
 
-  Also give each job on AppVeyor CI a human-readable name.
+  Signed-off-by: Casey Bodley <cbodley@redhat.com>
 
-  This aims to make job and therefore build failures more visible.
+  Closes #9804
 
-  Reviewed-by: Marcel Raad
-  Closes #9769
+- aws_sigv4: consult x-%s-content-sha256 for payload hash
 
-Viktor Szakats (20 Oct 2022)
+  `Curl_output_aws_sigv4()` doesn't always have the whole payload in
+  memory to generate a real payload hash. this commit allows the user to
+  pass in a header like `x-amz-content-sha256` to provide their desired
+  payload hash
 
-- amiga: set SIZEOF_CURL_OFF_T=8 by default [ci skip]
+  some services like s3 require this header, and may support other values
+  like s3's `UNSIGNED-PAYLOAD` and `STREAMING-AWS4-HMAC-SHA256-PAYLOAD`
+  with special semantics. servers use this header's value as the payload
+  hash during signature validation, so it must match what the client uses
+  to generate the signature
 
-  Reviewed-by: Daniel Stenberg
+  CURLOPT_AWS_SIGV4.3 now describes the content-sha256 interaction
 
-  Closes #9771
+  Signed-off-by: Casey Bodley <cbodley@redhat.com>
 
-- connect: fix builds without AF_INET6
+  Closes #9804
 
-  Regression from 2b309560c1e5d6ed5c0e542e6fdffa968b0521c9
+Philip Heiduck (25 Nov 2022)
 
-  Reviewed-by: Daniel Stenberg
-  Reviewed-by: Jay Satiro
+- GHA: NSS use clang instead of clang-9
 
-  Closes #9770
+  Closes #9978
 
-Daniel Stenberg (20 Oct 2022)
+Daniel Stenberg (25 Nov 2022)
 
-- test1105: adjust <data> to work with a hyper build
+- RELEASE-NOTES: synced
 
-  Closes #9767
+- tool_operate: override the numeric locale and set "C" by force
 
-- urlapi: fix parsing URL without slash with CURLU_URLENCODE
+  Makes curl always use dot as decimal separator for options,
+  independently of what the locale says. Makes scripts and command lines
+  portable.
 
-  When CURLU_URLENCODE is set, the parser would mistreat the path
-  component if the URL was specified without a slash like in
-  http://local.test:80?-123
+  Updated docs accordingly.
 
-  Extended test 1560 to reproduce and verify the fix.
+  Reported-by: Daniel Faust
 
-  Reported-by: Trail of Bits
+  Fixes #9969
+  Closes #9972
 
-  Closes #9763
+- test1662: verify formpost, 301 redirect, no rewind possible
 
-Marc Hoersken (19 Oct 2022)
+  Reproduces #9735 and verifies the subsequent fix. The original issue
+  uses a pipe that cannot be rewound, but this test case instead sets a
+  callback without rewind ability to get roughly the same properties but
+  being a much more portable test.
 
-- tests: avoid CreateThread if _beginthreadex is available
+- lib: rewind BEFORE request instead of AFTER previous
 
-  CreateThread is not threadsafe if mixed with CRT calls.
-  _beginthreadex on the other hand can be mixed with CRT.
+  This makes a big difference for cases when the rewind is not actually
+  necessary to perofm (for example HTTP response code 301 converts to GET)
+  and therefore the rewind can be avoided. In particular for situations
+  when that rewind fails, for example when reading from a pipe or similar.
 
-  Reviewed-by: Marcel Raad
-  Closes #9705
+  Reported-by: Ali Utku Selen
 
-Joel Depooter (19 Oct 2022)
+  Fixes #9735
+  Closes #9958
 
-- schannel: Don't reset recv/send function pointers on renegotiation
+- vtls: repair build with disabled proxy
 
-  These function pointers will have been set when the initial TLS
-  handshake was completed. If they are unchanged, there is no need to set
-  them again. If they have been changed, as is the case with HTTP/2, we
-  don't want to override that change. That would result in the
-  http22_recv/send functions being completely bypassed.
+  Closes #9974
 
-  Prior to this change a connection that uses Schannel with HTTP/2 would
-  fail on renegotiation with error "Received HTTP/0.9 when not allowed".
+Daniel Gustafsson (23 Nov 2022)
 
-  Fixes https://github.com/curl/curl/issues/9451
-  Closes https://github.com/curl/curl/pull/9756
+- packaging: remove traces of deleted files
 
-Viktor Szakats (18 Oct 2022)
+  Commit a8861b6cc removed packages/DOS but left a few traces of it
+  which broke the distcheck CI. Remove all traces.
 
-- hostip: guard PF_INET6 use
+  Closes: #9971
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  Some platforms (e.g. Amiga OS) do not have `PF_INET6`. Adjust the code
-  for these.
+- openssl: silence compiler warning when not using IPv6
 
-  ```
-  hostip.c: In function 'fetch_addr':
-  hostip.c:308:12: error: 'PF_INET6' undeclared (first use in this function)
-         pf = PF_INET6;
-              ^~~~~~~~
-  ```
+  In non-IPv6 builds the conn parameter is unused, and compilers which
+  run with "-Werror=unused-parameter" (or similar) warnings turned on
+  fails to build. Below is an excerpt from a CI job:
 
-  Regression from 1902e8fc511078fb5e26fc2b907b4cce77e1240d
+    vtls/openssl.c: In function ‘Curl_ossl_verifyhost’:
+    vtls/openssl.c:2016:75: error: unused parameter ‘conn’ [-Werror=unused-
+  parameter]
+     2016 | CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connec
+  tdata *conn,
+          |                                                       ~~~~~~~~~~~~~
+  ~~~~~~~^~~~
 
-  Reviewed-by: Daniel Stenberg
+  Closes: #9970
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  Closes #9760
+- netware: remove leftover traces
 
-- amiga: do not hardcode openssl/zlib into the os config [ci skip]
+  Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
+  building on Novell Netware, but a few leftover traces remained. This
+  removes the last bits.
 
-  Enable them in `lib/makefile.amiga` and `src/makefile.amiga` instead.
+  Closes: #9966
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  This allows builds without openssl and/or zlib. E.g. with the
-  <https://github.com/bebbo/amiga-gcc> cross-compiler.
+Ryan Schmidt (23 Nov 2022)
 
-  Reviewed-by: Daniel Stenberg
+- curl_endian: remove Curl_write64_le from header
 
-  Closes #9762
+  The actual function was already removed in 4331c6dc.
 
-- amigaos: add missing curl header [ci skip]
+  See #7280
+  Closes #9968
 
-  Without it, `CURLcode` and `CURLE_*` are undefined. `lib/hostip.h` and
-  conditional local code need them.
+Daniel Stenberg (22 Nov 2022)
 
-  Reviewed-by: Daniel Stenberg
+- docs: add more "SEE ALSO" links to CA related pages
 
-  Closes #9761
+  Closes #9959
 
-Daniel Stenberg (18 Oct 2022)
+- examples: update descriptions
 
-- cmdline/docs: add a required 'multi' keyword for each option
+  Make them not say "this is an example showing..." and instead just say
+  what the example shows.
 
-  The keyword specifies how option works when specified multiple times:
+  Closes #9960
 
-   - single: the last provided value replaces the earlier ones
-   - append: it supports being provided multiple times
-   - boolean: on/off values
-   - mutex: flag-like option that disable anoter flag
+Stefan Eissing (22 Nov 2022)
 
-  The 'gen.pl' script then outputs the proper and unified language for
-  each option's multi-use behavior in the generated man page.
+- vtls: localization of state data in filters
 
-  The multi: header is requires in each .d file and will cause build error
-  if missing or set to an unknown value.
+   - almost all backend calls pass the Curl_cfilter intance instead of
+     connectdata+sockindex
+   - ssl_connect_data is remove from struct connectdata and made internal
+     to vtls
+   - ssl_connect_data is allocated in the added filter, kept at cf->ctx
 
-  Closes #9759
+   - added function to let a ssl filter access its ssl_primary_config and
+     ssl_config_data this selects the propert subfields in conn and data,
+     for filters added as plain or proxy
+   - adjusted all backends to use the changed api
+   - adjusted all backends to access config data via the exposed
+     functions, no longer using conn or data directly
 
-- CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
+  cfilter renames for clear purpose:
 
-  Closes #9757
+   - methods `Curl_conn_*(data, conn, sockindex)` work on the complete
+     filter chain at `sockindex` and connection `conn`.
+   - methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
+     instance.
+   - methods `Curl_conn_cf()` work on/with filter instances at a
+     connection.
+   - rebased and resolved some naming conflicts
+   - hostname validation (und session lookup) on SECONDARY use the same
+     name as on FIRST (again).
 
-- mprintf: reject two kinds of precision for the same argument
+  new debug macros and removing connectdata from function signatures where not
+  needed.
 
-  An input like "%.*1$.9999d" would first use the precision taken as an
-  argument *and* then the precision specified in the string, which is
-  confusing and wrong. pass1 will now instead return error on this double
-  use.
+  adapting schannel for new Curl_read_plain paramter.
 
-  Adjusted unit test 1398 to verify
+  Closes #9919
 
-  Reported-by: Peter Goodman
+Daniel Stenberg (22 Nov 2022)
 
-  Closes #9754
+- examples/10-at-a-time: fix possible skipped final transfers
 
-- ftp: remove redundant if
+  Prior to this change if curl_multi_perform returned 0 running handles
+  and then all remaining transfers were added, then the perform loop would
+  end immediately without performing those transfers.
 
-  Reported-by: Trail of Bits
+  Reported-by: Mikhail Kuznetsov
 
-  Closes #9753
+  Fixes https://github.com/curl/curl/issues/9953
+  Closes https://github.com/curl/curl/pull/9954
 
-- tool_operate: more transfer cleanup after parallel transfer fail
+Viktor Szakats (22 Nov 2022)
 
-  In some circumstances when doing parallel transfers, the
-  single_transfer_cleanup() would not be called and then 'inglob' could
-  leak.
+- Makefile.mk: portable Makefile.m32
 
-  Test 496 verifies
+  Update bare GNU Make `Makefile.m32` to:
 
-  Reported-by: Trail of Bits
-  Closes #9749
-
-- mqtt: spell out CONNECT in comments
+  - Move objects into a subdirectory.
+  - Add support for MS-DOS. Tested with DJGPP.
+  - Add support for Watt-32 (on MS-DOS).
+  - Add support for AmigaOS.
+  - Rename `Makefile.m32` to `Makefile.mk`
+  - Replace `ARCH` with `TRIPLET`.
+  - Build `tool_hugehelp.c` proper (when tools are available).
+  - Drop MS-DOS compatibility macro `USE_ZLIB` (replaced by `HAVE_LIBZ`)
+  - Add support for `ZLIB_LIBS` to override `-lz`.
+  - Omit object files when building examples.
+  - Default `CC` to `gcc` once again, for convenience. (Caveat: compiler
+    name `cc` cannot be set now.)
+  - Set `-DCURL_NO_OLDIES` for examples, like autotools does.
+  - Delete `makefile.dj` files. Notice the configuration details and
+    defaults are not retained with the new method.
+  - Delete `makefile.amiga` files. A successful build needs a few custom
+    options. We're also not retaining all build details from the existing
+    Amiga make files.
+  - Rename `Makefile.m32` to `Makefile.mk` to reflect that they are not
+    Windows/MinGW32-specific anymore.
+  - Add support for new `CFG` options: `-map`, `-debug`, `-trackmem`
+  - Set `-DNDEBUG` by default.
+  - Allow using `-DOS=...` in all `lib/config-*.h` headers, syncing this
+    with `config-win32.h`.
+  - Look for zlib parts in `ZLIB_PATH/include` and `ZLIB_PATH/lib`
+    instead of bare `ZLIB_PATH`.
 
-  Instead of calling it 'CONN' in several comments, use the full and
-  correct protocol packet name.
+  Note that existing build configurations for MS-DOS and AmigaOS likely
+  become incompatible with this change.
 
-  Suggested by Trail of Bits
+  Example AmigaOS configuration:
+  ```
+  export CROSSPREFIX=/opt/amiga/bin/m68k-amigaos-
+  export CC=gcc
+  export CPPFLAGS='-DHAVE_PROTO_BSDSOCKET_H'
+  export CFLAGS='-mcrt=clib2'
+  export LDFLAGS="${CFLAGS}"
+  export LIBS='-lnet -lm'
+  make -C lib -f Makefile.mk
+  make -C src -f Makefile.mk
+  ```
 
-  Closes #9751
+  Example MS-DOS configuration:
+  ```
+  export CROSSPREFIX=/opt/djgpp/bin/i586-pc-msdosdjgpp-
+  export WATT_PATH=/opt/djgpp/net/watt
+  export ZLIB_PATH=/opt/djgpp
+  export OPENSSL_PATH=/opt/djgpp
+  export OPENSSL_LIBS='-lssl -lcrypt'
+  export CFG=-zlib-ssl
+  make -C lib -f Makefile.mk
+  make -C src -f Makefile.mk
+  ```
 
-- CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
+  Closes #9764
 
-  Not the deprecated CURLOPT_HTTPPOST option.
+Stefan Eissing (22 Nov 2022)
 
-  Also added two see-alsos.
+- cfiler: filter types have flags indicating what they do
 
-  Reported-by: Trail of Bits
-  Closes #9752
+  - Adding Curl_conn_is_ip_connected() to check if network connectivity
+    has been reached
 
-- RELEASE-NOTES: synced
+  - having ftp wait for network connectivity before proceeding with
+    transfers.
 
-Jay Satiro (17 Oct 2022)
+  Fixes test failures 1631 and 1632 with hyper.
 
-- ngtcp2: Fix build errors due to changes in ngtcp2 library
+  Closes #9952
 
-  ngtcp2/ngtcp2@b0d86f60 changed:
+Daniel Stenberg (21 Nov 2022)
 
-  - ngtcp2_conn_get_max_udp_payload_size =>
-    ngtcp2_conn_get_max_tx_udp_payload_size
+- RELEASE-NOTES: synced
 
-  - ngtcp2_conn_get_path_max_udp_payload_size =>
-    ngtcp2_conn_get_path_max_tx_udp_payload_size
+Jay Satiro (20 Nov 2022)
 
-  ngtcp2/ngtcp2@ec59b873 changed:
+- sendf: change Curl_read_plain to wrap Curl_recv_plain (take 2)
 
-  - 'early_data_rejected' member added to ng_callbacks.
+  Prior to this change Curl_read_plain would attempt to read the
+  socket directly. On Windows that's a problem because recv data may be
+  cached by libcurl and that data is only drained using Curl_recv_plain.
 
-  Assisted-by: Daniel Stenberg
-  Reported-by: jurisuk@users.noreply.github.com
+  Rather than rewrite Curl_read_plain to handle cached recv data, I
+  changed it to wrap Curl_recv_plain, in much the same way that
+  Curl_write_plain already wraps Curl_send_plain.
 
-  Fixes https://github.com/curl/curl/issues/9747
-  Closes https://github.com/curl/curl/pull/9748
+  Curl_read_plain -> Curl_recv_plain
+  Curl_write_plain -> Curl_send_plain
 
-Daniel Stenberg (16 Oct 2022)
+  This fixes a bug in the schannel backend where decryption of arbitrary
+  TLS records fails because cached recv data is never drained. We send
+  data (TLS records formed by Schannel) using Curl_write_plain, which
+  calls Curl_send_plain, and that may do a recv-before-send
+  ("pre-receive") to cache received data. The code calls Curl_read_plain
+  to read data (TLS records from the server), which prior to this change
+  did not call Curl_recv_plain and therefore cached recv data wasn't
+  retrieved, resulting in malformed TLS records and decryption failure
+  (SEC_E_DECRYPT_FAILURE).
 
-- curl_path: return error if given a NULL homedir
+  The bug has only been observed during Schannel TLS 1.3 handshakes. Refer
+  to the issue and PR for more information.
 
-  Closes #9740
+  --
 
-- libssh: if sftp_init fails, don't get the sftp error code
+  This is take 2 of the original fix. It preserves the original behavior
+  of Curl_read_plain to write 0 to the bytes read parameter on error,
+  since apparently some callers expect that (SOCKS tests were hanging).
+  The original fix which landed in 12e1def5 and was later reverted in
+  18383fbf failed to work properly because it did not do that.
 
-  This flow extracted the wrong code (sftp code instead of ssh code), and
-  the code is sometimes (erroneously) returned as zero anyway, so skip
-  getting it and set a generic error.
+  Also, it changes Curl_write_plain the same way to complement
+  Curl_read_plain, and it changes Curl_send_plain to return -1 instead of
+  0 on CURLE_AGAIN to complement Curl_recv_plain.
 
-  Reported-by: David McLaughlin
-  Fixes #9737
-  Closes #9740
+  Behavior on error with these changes:
 
-- mqtt: return error for too long topic
+  Curl_recv_plain returns -1 and *code receives error code.
+  Curl_send_plain returns -1 and *code receives error code.
+  Curl_read_plain returns error code and *n (bytes read) receives 0.
+  Curl_write_plain returns error code and *written receives 0.
 
-  Closes #9744
+  --
 
-Rickard Hallerbäck (16 Oct 2022)
+  Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361
 
-- tool_paramhlp: make the max argument a 'double'
+  Assisted-by: Joel Depooter
+  Reported-by: Egor Pugin
 
-  To fix compiler warnings "Implicit conversion from 'long' to 'double'
-  may lose precision"
+  Fixes https://github.com/curl/curl/issues/9431
+  Closes https://github.com/curl/curl/pull/9949
 
-  Closes #9700
+Sean McArthur (19 Nov 2022)
 
-Philip Heiduck (15 Oct 2022)
+- hyper: classify headers as CONNECT and 1XX
 
-- cirrus-ci: add more macOS builds with m1 based on x86_64 builds
+  Closes #9947
 
-  Also refactor macOS builds to use task matrix.
+Stefan Eissing (19 Nov 2022)
 
-  Assisted-by: Marc Hörsken
-  Closes #9565
+- ftp: fix "AUTH TLS" on primary conn and for SSL in PASV second conn
 
-Viktor Szakats (14 Oct 2022)
+  Follow-up to dafdb20a26d0c89
 
-- cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
+  Reported-by: Anthony Hu
+  Closes #9948
 
-  `lib/config-win32.h` enables this configuration option unconditionally.
-  Make it apply to CMake builds as well.
+Jay Satiro (19 Nov 2022)
 
-  While here, delete a broken check for
-  `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` from `CMakeLists.txt`. This came with
-  the initial commit [1], but did not include the actual verification code
-  inside `CMake/CurlTests.c`, so it always failed. A later commit [2]
-  added a second test, for non-Windows platforms.
+- CURLOPT_POST.3: Explain setting to 0 changes request type
 
-  Enabling this flag causes test 1056 to fail with CMake builds, as they
-  do with autotools builds. Let's apply the same solution and ignore the
-  results here as well.
+  Bug: https://github.com/curl/curl/issues/9849
+  Reported-by:  MonkeybreadSoftware@users.noreply.github.com
 
-  [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
-  [2] aec7c5a87c8482b6ddffa352d7d220698652262e
+  Closes https://github.com/curl/curl/pull/9942
 
-  Reviewed-by: Daniel Stenberg
-  Assisted-by: Marcel Raad
+Daniel Stenberg (19 Nov 2022)
 
-  Closes #9726
+- docs/INSTALL.md: expand on static builds
 
-- cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
+  Remove from KNOWN_BUGS
 
-  autotools enables this configuration option unconditionally for Windows
-  [^1]. Do the same in CMake.
+  Closes #9944
 
-  The above will make this work for all reasonably recent environments.
-  The logic present in `lib/config-win32.h` [^2] has the following
-  exceptions which we did not cover in this CMake update:
+Stefan Eissing (19 Nov 2022)
 
-  - Builds targeting Windows 2000 and earlier
-  - MS Visual C++ 5.0 (1997) and earlier
+- http: restore h3 to working condition after connection filter introduction
 
-  Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
-  set, to avoid a broken build. We might want to handle that in the C
-  sources in a future commit.
+  Follow-up to dafdb20a26d0c
 
-  [^1]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a5
-  1f6/m4/curl-functions.m4#L2067-L2070
+  HTTP/3 needs a special filter chain, since it does the TLS handling
+  itself. This PR adds special setup handling in the HTTP protocol handler
+  that takes are of it.
 
-  [^2]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a5
-  1f6/lib/config-win32.h#L511-L528
+  When a handler, in its setup method, installs filters, the default
+  behaviour for managing the filter chain is overridden.
 
-  Closes #9727
+  Reported-by: Karthikdasari0423 on github
 
-- cmake: sync HAVE_SIGNAL detection with autotools
+  Fixes #9931
+  Closes #9945
 
-  `HAVE_SIGNAL` means the availability of the `signal()` function in
-  autotools, while in CMake it meant the availability of that function
-  _and_ the symbol `SIGALRM`.
+Daniel Stenberg (18 Nov 2022)
 
-  The latter is not available on Windows, but the function is, which means
-  on Windows, autotools did define `HAVE_SIGNAL`, but CMake did not,
-  introducing a slight difference into the binaries.
+- urldata: change port num storage to int and unsigned short
 
-  This patch syncs CMake behaviour with autotools to look for the function
-  only.
+  Instead of long.
 
-  The logic came with the initial commit adding CMake support to curl, so
-  the commit history doesn't reveal the reason behind it. In any case,
-  it's best to check the existence of `SIGALRM` directly in the source
-  before use. For now, curl builds fine with `HAVE_SIGNAL` enabled and
-  `SIGALRM` missing.
+  Closes #9946
 
-  Follow-up to 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6
+- Revert "sendf: change Curl_read_plain to wrap Curl_recv_plain"
 
-  Closes #9725
+  This reverts commit 12e1def51a75392df62e65490416007d7e68dab9.
 
-- cmake: delete duplicate HAVE_GETADDRINFO test
+  It introduced SOCKS proxy fails, like test 700 never ending.
 
-  A custom `HAVE_GETADDRINFO` check came with the initial CMake commit
-  [1]. A later commit [2] added a standard check for it as well. The
-  standard check run before the custom one, so CMake ignored the latter.
+  Reopens #9431
 
-  The custom check was also non-portable, so this patch deletes it in
-  favor of the standard check.
+- HTTP-COOKIES.md: update the 6265bis link to draft-11
 
-  [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
-  [2] aec7c5a87c8482b6ddffa352d7d220698652262e
+  Closes #9940
 
-  Closes #9731
+- docs/WEBSOCKET.md: explain the URL use
 
-Daniel Stenberg (14 Oct 2022)
+  Fixes #9936
+  Closes #9941
 
-- tool_formparse: unroll the NULL_CHECK and CONST_FREE macros
+Jay Satiro (18 Nov 2022)
 
-  To make the code read more obvious
+- sendf: change Curl_read_plain to wrap Curl_recv_plain
 
-  Assisted-by: Jay Satiro
-
-  Closes #9710
+  Prior to this change Curl_read_plain would attempt to read the
+  socket directly. On Windows that's a problem because recv data may be
+  cached by libcurl and that data is only drained using Curl_recv_plain.
 
-Christopher Sauer (14 Oct 2022)
+  Rather than rewrite Curl_read_plain to handle cached recv data, I
+  changed it to wrap Curl_recv_plain, in much the same way that
+  Curl_write_plain already wraps Curl_send_plain.
 
-- docs/INSTALL: update Android Instructions for newer NDKs
+  Curl_read_plain -> Curl_recv_plain
+  Curl_write_plain -> Curl_send_plain
 
-  Closes #9732
+  This fixes a bug in the schannel backend where decryption of arbitrary
+  TLS records fails because cached recv data is never drained. We send
+  data (TLS records formed by Schannel) using Curl_write_plain, which
+  calls Curl_send_plain, and that may do a recv-before-send
+  ("pre-receive") to cache received data. The code calls Curl_read_plain
+  to read data (TLS records from the server), which prior to this change
+  did not call Curl_recv_plain and therefore cached recv data wasn't
+  retrieved, resulting in malformed TLS records and decryption failure
+  (SEC_E_DECRYPT_FAILURE).
 
-Daniel Stenberg (14 Oct 2022)
+  The bug has only been observed during Schannel TLS 1.3 handshakes. Refer
+  to the issue and PR for more information.
 
-- markdown-uppercase: ignore quoted sections
+  Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361
 
-  Sections within the markdown ~~~ or ``` are now ignored.
+  Assisted-by: Joel Depooter
+  Reported-by: Egor Pugin
 
-  Closes #9733
+  Fixes https://github.com/curl/curl/issues/9431
+  Closes https://github.com/curl/curl/pull/9904
 
-- RELEASE-NOTES: synced
+- test3026: reduce runtime in legacy mingw builds
 
-- test8: update as cookies no longer can have "embedded" TABs in content
+  - Load Windows system libraries secur32 and iphlpapi beforehand, so
+    that libcurl's repeated global init/cleanup only increases/decreases
+    the library's refcount rather than causing it to load/unload.
 
-- test1105: extend to verify TAB in name/content discarding cookies
+  Assisted-by: Marc Hoersken
 
-- cookie: reject cookie names or content with TAB characters
+  Closes https://github.com/curl/curl/pull/9412
 
-  TABs in name and content seem allowed by RFC 6265: "the algorithm strips
-  leading and trailing whitespace from the cookie name and value (but
-  maintains internal whitespace)"
+Daniel Stenberg (18 Nov 2022)
 
-  Cookies with TABs in the names are rejected by Firefox and Chrome.
+- url: move back the IDN conversion of proxy names
 
-  TABs in content are stripped out by Firefox, while Chrome discards the
-  whole cookie.
+  Regression: in commit 53bcf55 we moved the IDN conversion calls to
+  happen before the HSTS checks. But the HSTS checks are only done on the
+  server host name, not the proxy names. By moving the proxy name IDN
+  conversions, we accidentally broke the verbose output showing the proxy
+  name.
 
-  TABs in cookies also cause issues in saved netscape cookie files.
+  This change moves back the IDN conversions for the proxy names to the
+  place in the code path they were before 53bcf55.
 
-  Reported-by: Trail of Bits
+  Reported-by: Andy Stamp
+  Fixes #9937
+  Closes #9939
 
-  URL: https://curl.se/mail/lib-2022-10/0032.html
-  URL: https://github.com/httpwg/http-extensions/issues/2262
+Alexandre Ferrieux (18 Nov 2022)
 
-  Closes #9659
+- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
 
-- curl/add_parallel_transfers: better error handling
+  Fixes #2975
+  Closes #9147
 
-  1 - consider the transfer handled at once when in the function, to avoid
-      the same list entry to get added more than once in rare error
-      situations
+Daniel Stenberg (17 Nov 2022)
 
-  2 - set the ERRORBUFFER for the handle first after it has been added
-      successfully
+- HTTP-COOKIES.md: mention that http://localhost is a secure context
 
   Reported-by: Trail of Bits
 
-  Closes #9729
+  Closes #9938
 
-- netrc: remove the two 'changed' arguments
+- lib: parse numbers with fixed known base 10
 
-  As no user of these functions used the returned content.
+  ... instead of using 0 argument that allows decimal, hex or octal when
+  the number is documented and assumed to use base 10.
 
-- test495: verify URL encoded user name + netrc-optional
+  Closes #9933
 
-  Reproduced issue #9709
+- RELEASE-NOTES: synced
 
-- netrc: use the URL-decoded user
+- scripts/delta: adapt to curl.h changes for the opt counter
 
-  When the user name is provided in the URL it is URL encoded there, but
-  when used for authentication the encoded version should be used.
+- cookie: expire cookies at once when max-age is negative
 
-  Regression introduced after 7.83.0
+  Update test 329 to verify
 
-  Reported-by: Jonas Haag
-  Fixes #9709
-  Closes #9715
+  Reported-by: godmar on github
+  Fixes #9930
+  Closes #9932
 
-Shaun Mirani (13 Oct 2022)
+Stefan Eissing (17 Nov 2022)
 
-- url: allow non-HTTPS HSTS-matching for debug builds
+- proxy: haproxy filter is only available when PROXY and HTTP are
 
-  Closes #9728
+  Closes #9935
 
-Daniel Stenberg (13 Oct 2022)
+Daniel Stenberg (16 Nov 2022)
 
-- test1275: remove the check of stderr
+- OtherTests.cmake: check for cross-compile, not for toolchain
 
-  To avoid the mysterious test failures on Windows, instead rely on the
-  error code returned on failure.
+  Build systems like vcpkg alway sets `CMAKE_TOOLCHAIN_FILE` so it should
+  not be used as a sign that this is a cross-compile.
 
-  Fixes #9716
-  Closes #9723
+  Also indented the function correctly.
 
-Viktor Szakats (13 Oct 2022)
+  Reported-by: Philip Chan
+  Fixes #9921
+  Closes #9923
 
-- lib: set more flags in config-win32.h
+- ntlm: improve comment for encrypt_des
 
-  The goal is to add any flag that affect the created binary, to get in
-  sync with the ones built with CMake and autotools.
+  Reported-by: Andrei Rybak
+  Fixes #9903
+  Closes #9925
 
-  I took these flags from curl-for-win [0], where they've been tested with
-  mingw-w64 and proven to work well.
+- include/curl/curl.h: bump the deprecated requirements to gcc 5.3
 
-  This patch brings them to curl as follows:
+  Reported-by: Stephan Guilloux
+  Fixes #9917
+  Closes #9918
 
-  - Enable unconditionally those force-enabled via
-    `CMake/WindowsCache.cmake`:
+Stefan Eissing (15 Nov 2022)
 
-    - `HAVE_SETJMP_H`
-    - `HAVE_STRING_H`
-    - `HAVE_SIGNAL` (CMake equivalent is `HAVE_SIGNAL_FUNC`)
+- proxy: refactor haproxy protocol handling as connection filter
 
-  - Expand existing guards with mingw-w64:
+  Closes #9893
 
-    - `HAVE_STDBOOL_H`
-    - `HAVE_BOOL_T`
+Patrick Monnerat (15 Nov 2022)
 
-  - Enable Win32 API functions for Windows Vista and later:
+- lib: feature deprecation warnings in gcc >= 4.3
 
-    - `HAVE_INET_NTOP`
-    - `HAVE_INET_PTON`
+  Add a deprecated attribute to functions and enum values that should not
+  be used anymore.
+  This uses a gcc 4.3 dialect, thus is only available for this version of
+  gcc and newer. Note that the _Pragma() keyword is introduced by C99, but
+  is available as part of the gcc dialect even when compiling in C89 mode.
 
-  - Set sizes, if not already set:
+  It is still possible to disable deprecation at a calling module compile
+  time by defining CURL_DISABLE_DEPRECATION.
 
-    - `SIZEOF_OFF_T = 8`
-    - `_FILE_OFFSET_BITS = 64` when `USE_WIN32_LARGE_FILES` is set,
-      and using mingw-w64.
+  Gcc type checking macros are made aware of possible deprecations.
 
-  - Add the remaining for mingw-w64 only. Feel free to expand as desired:
+  Some testing support Perl programs are adapted to the extended
+  declaration syntax.
 
-    - `HAVE_LIBGEN_H`
-    - `HAVE_FTRUNCATE`
-    - `HAVE_BASENAME`
-    - `HAVE_STRTOK_R`
+  Several test and unit test C programs intentionally use deprecated
+  functions/options and are annotated to not generate a warning.
 
-  Future TODO:
+  New test 1222 checks the deprecation status in doc and header files.
 
-  - `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
-    the `signal()` function and the `SIGALRM` macro are found. In
-    autotools and this header, it means the function only. For the
-    function alone, CMake uses `HAVE_SIGNAL_FUNC`.
+  Closes #9667
 
-  [0] https://github.com/curl/curl-for-win/blob/c9b9a5f273c94c73d2b565ee892c4df
-  f0ca97a8c/curl-m32.sh#L53-L58
+Daniel Stenberg (15 Nov 2022)
 
-  Reviewed-by: Daniel Stenberg
+- log2changes.pl: wrap long lines at 80 columns
 
-  Closes #9712
+  Also, only use author names in the output.
 
-Daniel Stenberg (13 Oct 2022)
+  Fixes #9896
+  Reported-by: John Sherrill
+  Closes #9897
 
-- tests: add tests/markdown-uppercase.pl to dist tarball
+- cfilters: use %zu for outputting size_t
 
-  Follow-up to aafb06c5928183d
+  Detected by Coverity CID 1516894
 
-  Closes #9722
+  Closes #9907
 
-- tool_paramhelp: asserts verify maximum sizes for string loading
+- Curl_closesocket: avoid using 'conn' if NULL
 
-  The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
-  strings accepted when loading files into memory, but as the size is
-  later used as input to functions that take the size as 'int' as
-  argument, the sizes must not be larger than INT_MAX.
+  ... in debug-only code.
 
-  These two new assert()s make the code error out if someone would bump
-  the sizes without this consideration.
+  Reported by Coverity CID 1516896
 
-  Reported-by Trail of Bits
+  Closes #9907
 
-  Closes #9719
+- url: only acknowledge fresh_reuse for non-followed transfers
 
-- http: try parsing Retry-After: as a number first
+  ... to make sure NTLM auth sticks to the connection it needs, as
+  verified by 2032.
 
-  Since the date parser allows YYYYMMDD as a date format (due to it being
-  a bit too generic for parsing this particular header), a large integer
-  number could wrongly match that pattern and cause the parser to generate
-  a wrong value.
+  Follow-up to fa0b9227616e
 
-  No date format accepted for this header starts with a decimal number, so
-  by reversing the check and trying a number first we can deduct that if
-  that works, it was not a date.
+  Assisted-by: Stefan Eissing
+  Closes #9905
 
-  Reported-by Trail of Bits
+- netrc.d: provide mutext info
 
-  Closes #9718
+  Reported-by: xianghongai on github
+  Fixes #9899
+  Closes #9901
 
-Patrick Monnerat (13 Oct 2022)
+- cmdline-opts/page-footer: remove long option nroff formatting
 
-- doc: fix deprecation versions inconsistencies
+  As gen.pl adds them
 
-  Ref: https://curl.se/mail/lib-2022-10/0026.html
+- nroff-scan.pl: detect double highlights
 
-  Closes #9711
+- cmdline-opts/gen.pl: fix the linkifier
 
-Daniel Stenberg (13 Oct 2022)
+  Improved logic for finding existing --options in text and replacing with
+  the full version with nroff syntax. This also makes the web version link
+  options better.
 
-- http_aws_sigv4: fix strlen() check
+  Reported-by: xianghongai on github
+  Fixes #9899
+  Closes #9902
 
-  The check was off-by-one leading to buffer overflow.
+Patrick Monnerat (14 Nov 2022)
 
-  Follow-up to 29c4aa00a16872
+- tool: use feature names instead of bit mask, when possible
 
-  Detected by OSS-Fuzz
+  If the run-time libcurl is too old to support feature names, the name
+  array is created locally from the bit masks. This is the only sequence
+  left that uses feature bit masks.
 
-  Closes #9714
+  Closes #9583
 
-- curl/main_checkfds: check the fcntl return code better
+- docs: curl_version_info is not thread-safe before libcurl initialization
 
-  fcntl() can (in theory) return a non-zero number for success, so a
-  better test for error is checking for -1 explicitly.
+  Closes #9583
 
-  Follow-up to 41e1b30ea1b77e9ff
+- version: add a feature names array to curl_version_info_data
 
-  Mentioned-by: Dominik Klemba
+  Field feature_names contains a null-terminated sorted array of feature
+  names. Bitmask field features is deprecated.
 
-  Closes #9708
+  Documentation is updated. Test 1177 and tests/version-scan.pl updated to
+  match new documentation format and extended to check feature names too.
 
-Viktor Szakats (12 Oct 2022)
+  Closes #9583
 
-- tidy-up: delete unused HAVE_STRUCT_POLLFD
+Stefan Eissing (14 Nov 2022)
 
-  It was only defined in `lib/config-win32.h`, when building for Vista.
+- negtelnetserver.py: have it call its close() method
 
-  It was only used in `select.h`, in a condition that also included a
-  check for `POLLIN` which is a superior choice for this detection and
-  which was already used by cmake and autotools builds.
+  Closes #9894
 
-  Delete both instances of this macro.
+Nathan Moinvaziri (13 Nov 2022)
 
-  Closes #9707
+- ntlm: silence ubsan warning about copying from null target_info pointer.
 
-Daniel Stenberg (12 Oct 2022)
+  runtime error: null pointer passed as argument 2, which is declared to
+  never be null
 
-- test1275: verify upercase after period in markdown
+  Closes #9898
 
-  Script based on the #9474 pull-request logic, but implemented in perl.
+Daniel Stenberg (12 Nov 2022)
 
-  Updated docs/URL-SYNTAX.md accordingly.
+- RELEASE-NOTES: synced
 
-  Suggested-by: Dan Fandrich
+Stefan Eissing (12 Nov 2022)
 
-  Closes #9697
+- Websocket: fixes for partial frames and buffer updates.
 
-12932 (12 Oct 2022)
+  - buffers updated correctly when handling partial frames
+  - callbacks no longer invoked for incomplete payload data of 0 length
+  - curl_ws_recv no longer returns with 0 length partial payload
 
-- misc: nitpick grammar in comments/docs
+  Closes #9890
 
-  because the 'u' in URL is actually a consonant *sound* it is only
-  correct to write "a URL"
+Daniel Stenberg (12 Nov 2022)
 
-  sorry this is a bit nitpicky :P
+- tool_operate: provide better errmsg for -G with bad URL
 
-  https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an
-  https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL
+  If the URL that -G would try to add a query to could not be parsed, it would
+  display
 
-  Closes #9699
+   curl: (27) Out of memory
 
-Viktor Szakats (11 Oct 2022)
+  It now instead shows:
 
-- Makefile.m32: drop CROSSPREFIX and our CC/AR defaults [ci skip]
+   curl: (2) Could not parse the URL, failed to set query
 
-  This patch aimed to fix a regression [0], where `CC` initialization
-  moved beyond its first use. But, on closer inspection it turned out that
-  the `CC` initialization does not work as expected due to GNU Make
-  filling it with `cc` by default. So unless implicit values were
-  explicitly disabled via a GNU Make option, the default value of
-  `$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
-  value `cc` maps to `gcc` in (most/all?) MinGW envs.
+  Reported-by: Alex Xu
+  Fixes #9889
+  Closes #9892
 
-  `AR` has the same issue, with a default value of `ar`.
+- vtls: fix build without proxy support
 
-  We could reintroduce a separate variable to fix this without ill
-  effects, but for simplicity and flexibility, it seems better to drop
-  support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
-  require the caller to initialize `CC`, `AR` and `RC` to the full
-  (prefixed if necessary) names of these tools, as desired.
+  Follow-up to dafdb20a26d0c890
 
-  We keep `RC ?= windres` because `RC` is empty by default.
+  Closes #9895
 
-  Also fix grammar in a comment.
+- tool_getparam: make --no-get work as the opposite of --get
 
-  [0] 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
+  ... as documented.
 
-  Closes #9698
+  Closes #9891
 
-- smb: replace CURL_WIN32 with WIN32
+- http: mark it 'this_is_a_follow' in the Location: logic
 
-  PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
-  `CURL_WIN32` macro, but that one is not defined here, while compiling
-  curl itself. This patch changes this to `WIN32`, assuming this was the
-  original intent.
+  To make regular auth "reloads" to not count as redirects.
 
-  Regression from 1c52e8a3795ccdf8ec9c308f4f8f19cf10ea1f1a
+  Verified by test 3101
 
-  Reviewed-by: Marcel Raad
+  Fixes #9885
+  Closes #9887
 
-  Closes #9701
+Viktor Szakats (11 Nov 2022)
 
-Matthias Gatto (11 Oct 2022)
+- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
 
-- aws_sigv4: fix header computation
+  The previously set default value of 8 (64-bit) is only correct for
+  mingw-w64 and only when we set `_FILE_OFFSET_BITS` to 64 (the default
+  when building curl). For MSVC, old MinGW and other Windows compilers,
+  the correct value is 4 (32-bit). Adjust condition accordingly. Also
+  drop the manual override option.
 
-  Handle canonical headers and signed headers creation as explained here:
-  https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.
-  html
+  Regression in 7.86.0 (from 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6)
 
-  The algo tells that signed and canonical must contain at last host and
-  x-amz-date.
+  Bug: https://github.com/curl/curl/pull/9712#issuecomment-1307330551
 
-  So we check whatever thoses are present in the curl http headers list.
-  If they are, we use the one enter by curl user, otherwise we generate
-  them.  then we to lower, and remove space from each http headers plus
-  host and x-amz-date, then sort them all by alphabetical order.
+  Reported-by: Peter Piekarski
+  Reviewed-by: Jay Satiro
 
-  This patch also fix a bug with host header, which was ignoring the port.
+  Closes #9872
 
-  Closes #7966
+Daniel Stenberg (11 Nov 2022)
 
-Aftab Alam (11 Oct 2022)
+- lib: remove bad set.opt_no_body assignments
 
-- README.md: link the curl logo to the website
+  This struct field MUST remain what the application set it to, so that
+  handle reuse and handle duplication work.
 
-  - Link the curl:// image to https://curl.se/
+  Instead, the request state bit 'no_body' is introduced for code flows
+  that need to change this in run-time.
 
-  Closes https://github.com/curl/curl/pull/9675
+  Closes #9888
 
-Dustin Howett (11 Oct 2022)
+Stefan Eissing (11 Nov 2022)
 
-- schannel: when importing PFX, disable key persistence
+- lib: connection filters (cfilter) addition to curl:
 
-  By default, the PFXImportCertStore API persists the key in the user's
-  key store (as though the certificate was being imported for permanent,
-  ongoing use.)
+   - general construct/destroy in connectdata
+   - default implementations of callback functions
+   - connect: cfilters for connect and accept
+   - socks: cfilter for socks proxying
+   - http_proxy: cfilter for http proxy tunneling
+   - vtls: cfilters for primary and proxy ssl
+   - change in general handling of data/conn
+   - Curl_cfilter_setup() sets up filter chain based on data settings,
+     if none are installed by the protocol handler setup
+   - Curl_cfilter_connect() boot straps filters into `connected` status,
+     used by handlers and multi to reach further stages
+   - Curl_cfilter_is_connected() to check if a conn is connected,
+     e.g. all filters have done their work
+   - Curl_cfilter_get_select_socks() gets the sockets and READ/WRITE
+     indicators for multi select to work
+   - Curl_cfilter_data_pending() asks filters if the have incoming
+     data pending for recv
+   - Curl_cfilter_recv()/Curl_cfilter_send are the general callbacks
+     installed in conn->recv/conn->send for io handling
+   - Curl_cfilter_attach_data()/Curl_cfilter_detach_data() inform filters
+     and addition/removal of a `data` from their connection
+   - adding vtl functions to prevent use of Curl_ssl globals directly
+     in other parts of the code.
 
-  The documentation specifies that keys that are not to be persisted
-  should be imported with the flag PKCS12_NO_PERSIST_KEY.
-  NOTE: this flag is only supported on versions of Windows newer than XP
-  and Server 2003.
+  Reviewed-by: Daniel Stenberg
+  Closes #9855
 
-  --
+- curl-rustls.m4: on macOS, rustls also needs the Security framework
 
-  This is take 2 of the original fix. It extends the lifetime of the
-  client certificate store to that of the credential handle. The original
-  fix which landed in 70d010d and was later reverted in aec8d30 failed to
-  work properly because it did not do that.
+  Closes #9883
 
-  Minor changes were made to the schannel credential context to support
-  closing the client certificate store handle at the end of an SSL session.
+Daniel Stenberg (10 Nov 2022)
 
-  --
+- rtsp: only store first_host once
 
-  Reported-by: ShadowZzj@users.noreply.github.com
+  Suggested-by: Erik Janssen
+  URL: https://github.com/curl/curl/pull/9870#issuecomment-1309499744
+  Closes #9882
 
-  Fixes https://github.com/curl/curl/issues/9300
-  Supersedes https://github.com/curl/curl/pull/9363
-  Closes https://github.com/curl/curl/pull/9460
+Fata Nugraha (10 Nov 2022)
 
-Viktor Szakats (11 Oct 2022)
+- test3028: verify PROXY
 
-- Makefile.m32: support more options [ci skip]
+- http: do not send PROXY more than once
 
-  - Add support for these options:
-    `-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl`
+  Unlike `CONNECT`, currently we don't keep track whether `PROXY` is
+  already sent or not. This causes `PROXY` header to be sent twice during
+  `MSTATE_TUNNELING` and `MSTATE_PROTOCONNECT`.
 
-    Caveats:
-    - `-wolfssh` requires `-wolfssl`.
-    - `-wolfssl` cannot be used with OpenSSL backends in parallel.
-    - `-libssh` has build issues with BoringSSL and LibreSSL, and also
-       what looks like a world-writable-config vulnerability on Windows.
-       Consider it experimental.
-    - `-psl` requires `-idn2` and extra libs passed via
-      `LIBS=-liconv -lunistring`.
+  Closes #9878
+  Fixes #9442
 
-  - Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly.
-  - Generalize MultiSSL detection.
-  - Use else-if syntax. Requires GNU Make 3.81 (2006-04-01).
-  - Document more customization options.
+Jay Satiro (10 Nov 2022)
 
-  This brings over some configuration logic from `curl-for-win`.
+- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
 
-  Closes #9680
+  Prior to this change if the user wanted to signal an error from their
+  write callbacks they would have to use logic to return a value different
+  from the number of bytes (nmemb) passed to the callback. Also, the
+  inclination of some users has been to just return 0 to signal error,
+  which is incorrect as that may be the number of bytes passed to the
+  callback.
 
-- cmake: enable more detection on Windows
+  To remedy this the user can now return CURL_WRITEFUNC_ERROR instead.
 
-  Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection
-  on Windows, instead of having predefined values.
+  Ref: https://github.com/curl/curl/issues/9873
 
-  With these features detected correctly, CMake Windows builds get closer
-  to the autotools and `config-win32.h` ones.
+  Closes https://github.com/curl/curl/pull/9874
 
-  This also fixes detecting `HAVE_FTRUNCATE` correctly, which required
-  `unistd.h`.
+Daniel Stenberg (9 Nov 2022)
 
-  Fixing `ftruncate()` in turn causes a build warning/error with legacy
-  MinGW/MSYS1 due to an offset type size mismatch. This env misses to
-  detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch
-  force-disables `HAVE_FTRUNCATE` for this platform.
+- Revert "GHA: add scorecard.yml"
 
-  Reviewed-by: Daniel Stenberg
+  This reverts commit ca76c79b34f9d90105674a2151bf228ff7b13bef.
 
-  Closes #9687
+- GHA: add scorecard.yml
 
-- autotools: allow unix sockets on Windows
+  add a "scorecard" scanner job
 
-  Fixes: https://github.com/curl/curl-for-win/blob/73a070d96fd906fdee929e2f1f00
-  a9149fb39239/curl-autotools.sh#L44-L47
+Lorenzo Miniero (9 Nov 2022)
 
-  On Windows this feature is present, but not the header used in the
-  detection logic. It also requires an elaborate enabler logic
-  (as seen in `lib/curl_setup.h`). Let's always allow it and let the
-  lib code deal with the details.
+- test3100: RTSP Basic authentication
 
-  Closes #9688
+  Closes #9449
 
-- cmake: add missing inet_ntop check
+Daniel Stenberg (9 Nov 2022)
 
-  This adds the missing half of the check, next to the other half
-  already present in `lib/curl_config.h.cmake`.
+- rtsp: fix RTSP auth
 
-  Force disable `HAVE_INET_NTOP` for old MSVC where it caused compiler
-  warnings.
+  Verified with test 3100
 
-  Reviewed-by: Daniel Stenberg
+  Fixes #4750
+  Closes #9870
 
-  Closes #9689
+- KNOWN_BUGS: remove eight entries
 
-Daniel Stenberg (11 Oct 2022)
+  - 1.2 Multiple methods in a single WWW-Authenticate: header
 
-- RELEASE-NOTES: synced
+  This is not considered a bug anymore but a restriction and one that we
+  keep because we have NEVER gotten this reported by users in the wild and
+  because of this I consider this a fringe edge case we don't need to
+  support.
 
-bsergean on github (11 Oct 2022)
+  - 1.6 Unnecessary close when 401 received waiting for 100
 
-- asyn-ares: set hint flags when calling ares_getaddrinfo
+  This is not a bug, but possibly an optimization that *can* be done.
 
-  The hint flag is ARES_AI_NUMERICSERV, and it will save a call to
-  getservbyname or getservbyname_r to set it.
+  - 1.7 Deflate error after all content was received
 
-  Closes #9694
+  This is not a curl bug. This happens due to broken servers.
 
-Daniel Stenberg (11 Oct 2022)
+  - 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
 
-- header.d: add category smtp and imap
+  This is not a bug. This is just the nature of the implementation.
 
-  They were previously (erroneously) added manually to tool_listhelp.c
-  which would make them get removed again when the file is updated next
-  time, unless added correctly here in header.d
+  - 2.2 DER in keychain
 
-  Follow-up to 2437fac01
+  This is not a bug.
 
-  Closes #9690
+  - 5.7 Visual Studio project gaps
 
-- curl/get_url_file_name: use libcurl URL parser
+  This is not a bug.
 
-  To avoid URL tricks, use the URL parser for this.
+  - 15.14 cmake build is not thread-safe
 
-  This update changes curl's behavior slightly in that it will ignore the
-  possible query part from the URL and only use the file name from the
-  actual path from the URL. I consider it a bugfix.
+  Fixed in 109e9730ee5e2b
 
-  "curl -O localhost/name?giveme-giveme" will now save the output in the
-  local file named 'name'
+  - 11.3 Disconnects do not do verbose
 
-  Updated test 1210 to verify
+  This is not a bug.
 
-  Assisted-by: Jay Satiro
+  Closes #9871
 
-  Closes #9684
+Hirotaka Tagawa (9 Nov 2022)
 
-Martin Ågren (11 Oct 2022)
+- headers: add endif comments
 
-- docs: fix grammar around needing pass phrase
+  Closes #9853
 
-  "You never needed a pass phrase" reads like it's about to be followed by
-  something like "until version so-and-so", but that is not what is
-  intended. Change to "You never need a pass phrase". There are two
-  instances of this text, so make sure to update both.
+Daniel Stenberg (8 Nov 2022)
 
-Xiang Xiao (10 Oct 2022)
+- test1221: verify --url-query
 
-- cmake: add the check of HAVE_SOCKETPAIR
+- curl: add --url-query
 
-  which is used by Curl_socketpair
+  This option adds a piece of data, usually a name + value pair, to the
+  end of the URL query part. The syntax is identical to that used for
+  --data-urlencode with one extension:
 
-  Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
+  If the argument starts with a '+' (plus), the rest of the string is
+  provided as-is unencoded.
 
-  Closes #9686
+  This allows users to "build" query parts with options and URL encoding
+  even when not doing GET requests, which the already provided option -G
+  (--get) is limited to.
 
-Daniel Stenberg (10 Oct 2022)
+  This idea was born in a Twitter thread.
 
-- curl/add_file_name_to_url: use the libcurl URL parser
+  Closes #9691
 
-  instead of the custom error-prone parser, to extract and update the path
-  of the given URL
+- maketgz: set the right version in lib/libcurl.plist
 
-  Closes #9683
+  Follow-up to e498a9b1fe5964a18eb2a3a99dc52
 
-- single_transfer: use the libcurl URL parser when appending query parts
+  Make sure the tarball gets a version of the libcurl.plist file that is
+  updated with the new version string.
 
-  Instead of doing "manual" error-prone parsing in another place.
+  Reported-by: jvreelanda on github
+  Fixes #9866
+  Closes #9867
 
-  Used when --data contents is added to the URL query when -G is provided.
+- RELEASE-NOTES: synced
 
-  Closes #9681
+  Bumped version to 7.87.0
 
-- ws: fix buffer pointer use in the callback loop
+Michael Drake (8 Nov 2022)
 
-  Closes #9678
+- curl.h: add CURLOPT_CA_CACHE_TIMEOUT option
 
-Petr Štetiar (10 Oct 2022)
+  Adds a new option to control the maximum time that a cached
+  certificate store may be retained for.
 
-- curl-wolfssl.m4: error out if wolfSSL is not usable
+  Currently only the OpenSSL backend implements support for
+  caching certificate stores.
 
-  When I explicitly declare, that I would like to have curl built with
-  wolfSSL support using `--with-wolfssl` configure option, then I would
-  expect, that either I endup with curl having that support, for example
-  in form of https support or it wouldn't be available at all.
+  Closes #9620
 
-  Downstream projects like for example OpenWrt build curl wolfSSL variant
-  with `--with-wolfssl` already, but in certain corner cases it does fail:
+- openssl: reduce CA certificate bundle reparsing by caching
 
-    configure:25299: checking for wolfSSL_Init in -lwolfssl
-    configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
-    In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.
-  h:33,
-                     from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_
-  public.h:35,
-                    from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
-                     from conftest.c:47:
-    target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal err
-  or: wolfssl/wolfcrypt/sp_int.h: No such file or directory
-         #include <wolfssl/wolfcrypt/sp_int.h>
-                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
-    compilation terminated.
+  Closes #9620
 
-  and in the end thus produces curl without https support:
+Rose (8 Nov 2022)
 
-   curl: (1) Protocol "https" not supported or disabled in libcurl
+- lib: fix some type mismatches and remove unneeded typecasts
 
-  So fix it, by making the working wolfSSL mandatory and error out in
-  configure step when that's not the case:
+  Many of these castings are unneeded if we change the variables to work
+  better with each other.
 
-   checking for wolfSSL_Init in -lwolfssl... no
-   configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
+  Ref: https://github.com/curl/curl/pull/9823
 
-  References: https://github.com/openwrt/packages/issues/19005
-  References: https://github.com/openwrt/packages/issues/19547
-  Signed-off-by: Petr Štetiar <ynezz@true.cz>
+  Closes https://github.com/curl/curl/pull/9835
 
-  Closes #9682
+Daniel Stenberg (8 Nov 2022)
 
-Daniel Stenberg (10 Oct 2022)
+- cookie: compare cookie prefixes case insensitively
 
-- tool_getparam: pass in the snprintf("%.*s") string length as 'int'
+  Adapted to language in rfc6265bis draft-11.
 
-  Reported by Coverity CID 1515928
+  Closes #9863
 
-  Closes #9679
+  Reviewed-by: Daniel Gustafsson
 
-Paul Seligman (9 Oct 2022)
+- tool_operate: when aborting, make sure there is a non-NULL error buffer
 
-- ws: minor fixes for web sockets without the CONNECT_ONLY flag
+  To store custom errors in. Or SIGSEGVs will follow.
 
-  - Fixed an issue where is_in_callback was getting cleared when using web
-    sockets with debug logging enabled
-  - Ensure the handle is is_in_callback when calling out to fwrite_func
-  - Change the write vs. send_data decision to whether or not the handle
-    is in CONNECT_ONLY mode.
-  - Account for buflen not including the header length in curl_ws_send
+  Reported-by: Trail of Bits
+  Closes #9865
 
-  Closes #9665
+- WEBSOCKET.md: fix broken link
 
-Marc Hoersken (8 Oct 2022)
+  Reported-by: Felipe Gasper
+  Bug: https://curl.se/mail/lib-2022-10/0097.html
+  Closes #9864
 
-- CI/cirrus: merge existing macOS jobs into a job matrix
+- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
 
-  Ref: #9627
-  Reviewed-by: Philip H.
+  Reported-by: Oskar Sigvardsson
 
-  Closes #9672
+  Bug: https://curl.se/mail/lib-2022-11/0016.html
 
-Daniel Stenberg (8 Oct 2022)
+  Closes #9862
 
-- strcase: add and use Curl_timestrcmp
+Stefan Eissing (7 Nov 2022)
 
-  This is a strcmp() alternative function for comparing "secrets",
-  designed to take the same time no matter the content to not leak
-  match/non-match info to observers based on how fast it is.
+- websockets: fix handling of partial frames
 
-  The time this function takes is only a function of the shortest input
-  string.
+  buffer used and send length calculations are fixed when a partial
+  websocket frame has been received.
 
-  Reported-by: Trail of Bits
+  Closes #9861
 
-  Closes #9658
+Daniel Stenberg (7 Nov 2022)
 
-- tool_getparam: split out data_urlencode() into its own function
+- mailmap: unify Stefan Eissing
 
-  Closes #9673
+Stefan Eissing (7 Nov 2022)
 
-- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
+- hyper: fix handling of hyper_task's when reusing the same address
 
-  Reported-by: Vasiliy Ulyanov
-  Fixes #9664
-  Closes #9670
+  Fixes #9840
+  Closes #9860
 
-- ws: fix Coverity complaints
+Jay Satiro (7 Nov 2022)
 
-  Coverity pointed out several flaws where variables remained
-  uninitialized after forks.
+- ws: return CURLE_NOT_BUILT_IN when websockets not built in
 
-  Follow-up to e3f335148adc6742728f
+  - Change curl_ws_recv & curl_ws_send to return CURLE_NOT_BUILT_IN when
+    websockets support is not built in.
 
-  Closes #9666
+  Prior to this change they returned CURLE_OK.
 
-Marc Hoersken (7 Oct 2022)
+  Closes #9851
 
-- CI/GHA: merge msh3 and openssl3 builds into linux workflow
+Daniel Stenberg (7 Nov 2022)
 
-  Continue work on merging all Linux workflows into one file.
+- noproxy: tailmatch like in 7.85.0 and earlier
 
-  Follow up to #9501
-  Closes #9646
+  A regfression in 7.86.0 (via 1e9a538e05c010) made the tailmatch work
+  differently than before. This restores the logic to how it used to work:
 
-Daniel Stenberg (7 Oct 2022)
+  All names listed in NO_PROXY are tailmatched against the used domain
+  name, if the lengths are identical it needs a full match.
 
-- curl_ws_send.3: call the argument 'fragsize'
+  Update the docs, update test 1614.
 
-  Since WebSocket works with "fragments" not "frames"
+  Reported-by: Stuart Henderson
+  Fixes #9842
+  Closes #9858
 
-  Closes #9668
+- configure: require fork for NTLM-WB
 
-- easy: avoid Intel error #2312: pointer cast involving 64-bit pointed-to type
+  Reported-by: ウさん
 
-  Follow-up to e3f335148adc6742728ff8
+  Fixes #9847
+  Closes #9856
 
-  Closes #9669
+- docs/EARLY-RELEASE.md: how to determine an early release
 
-- tool_main: exit at once if out of file descriptors
+  URL: https://curl.se/mail/lib-2022-10/0079.html
 
-  If the main_checkfds function cannot create new file descriptors in an
-  attempt to detect of stdin, stdout or stderr are closed.
+  Closes #9820
 
-  Also changed the check to use fcntl() to check if the descriptors are
-  open, which avoids superfluously calling pipe() if they all already are.
+- RELEASE-NOTES: synced
 
-  Follow-up to facfa19cdd4d0094
+Zespre Schmidt (3 Nov 2022)
 
-  Reported-by: Trail of Bits
+- docs: add missing parameters for --retry flag
 
-  Closes #9663
+  Closes #9848
 
-- websockets: remodeled API to support 63 bit frame sizes
+Adam Averay (3 Nov 2022)
 
-  curl_ws_recv() now receives data to fill up the provided buffer, but can
-  return a partial fragment. The function now also get a pointer to a
-  curl_ws_frame struct with metadata that also mentions the offset and
-  total size of the fragment (of which you might be receiving a smaller
-  piece). This way, large incoming fragments will be "streamed" to the
-  application. When the curl_ws_frame struct field 'bytesleft' is 0, the
-  final fragment piece has been delivered.
+- libcurl-errors.3: remove duplicate word
 
-  curl_ws_recv() was also adjusted to work with a buffer size smaller than
-  the fragment size. (Possibly needless to say as the fragment size can
-  now be 63 bit large).
+  Closes #9846
 
-  curl_ws_send() now supports sending a piece of a fragment, in a
-  streaming manner, in addition to sending the entire fragment in a single
-  call if it is small enough. To send a huge fragment, curl_ws_send() can
-  be used to send it in many small calls by first telling libcurl about
-  the total expected fragment size, and then send the payload in N number
-  of separate invokes and libcurl will stream those over the wire.
+Eric Vigeant (3 Nov 2022)
 
-  The struct curl_ws_meta() returns is now called 'curl_ws_frame' and it
-  has been extended with two new fields: *offset* and *bytesleft*. To help
-  describe the passed on data chunk when a fragment is delivered in many
-  smaller pieces.
+- cur_path: do not add '/' if homedir ends with one
 
-  The documentation has been updated accordingly.
+  When using SFTP and a path relative to the user home, do not add a
+  trailing '/' to the user home dir if it already ends with one.
 
-  Closes #9636
+  Closes #9844
 
-Patrick Monnerat (7 Oct 2022)
+Viktor Szakats (1 Nov 2022)
 
-- docs/examples: avoid deprecated options in examples where possible
+- windows: fail early with a missing windres in autotools
 
-  Example programs targeting a deprecated feature/option are commented with
-  a warning about it.
-  Other examples are adapted to not use deprecated options.
+  `windres` is not always auto-detected by autotools when building for
+  Windows. When this happened, the build failed with a confusing error due
+  to the empty `RC` command:
 
-  Closes #9661
+  ```
+  /bin/bash ../libtool --tag=RC --mode=compile  -I../include -DCURL_EMBED_MANIF
+  EST  -i curl.rc -o curl.o
+  [...]
+  Usage: /sandbox/curl/libtool [OPTION]... [MODE-ARG]...
+  Try 'libtool --help' for more information.
+  libtool:   error: unrecognised option: '-I../include'
+  ```
 
-Viktor Szakats (6 Oct 2022)
+  Improve this by verifying if `RC` is set, and fail with a clear error
+  otherwise.
 
-- cmake: fix enabling websocket support
+  Follow-up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
 
-  Follow-up from 664249d095275ec532f55dd1752d80c8c1093a77
+  Ref: https://curl.se/mail/lib-2022-10/0049.html
+  Reported-by: Thomas Glanzmann
+  Closes #9781
 
-  Closes #9660
+- lib: sync guard for Curl_getaddrinfo_ex() definition and use
 
-- tidy-up: delete parallel/unused feature flags
+  `Curl_getaddrinfo_ex()` gets _defined_ with `HAVE_GETADDRINFO` set. But,
+  `hostip4.c` _used_ it with `HAVE_GETADDRINFO_THREADSAFE` set alone. It
+  meant a build with the latter, but without the former flag could result
+  in calling this function but not defining it, and failing to link.
 
-  Detecting headers and lib separately makes sense when headers come in
-  variations or with extra ones, but this wasn't the case here. These were
-  duplicate/parallel macros that we had to keep in sync with each other
-  for a working build. This patch leaves a single macro for each of these
-  dependencies:
+  Patch this by adding an extra check for `HAVE_GETATTRINFO` around the
+  call.
 
-  - Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
+  Before this patch, build systems prevented this condition. Now they
+  don't need to.
 
-    Also delete CMake logic making sure these two were in sync, along with
-    a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
+  While here, simplify the related CMake logic on Windows by setting
+  `HAVE_GETADDRINFO_THREADSAFE` to the detection result of
+  `HAVE_GETADDRINFO`. This expresses the following intent clearer than
+  the previous patch and keeps the logic in a single block of code:
+  When we have `getaddrinfo()` on Windows, it's always threadsafe.
 
-    Also delete stray `HAVE_ZLIB` defines.
+  Follow-up to 67d88626d44ec04b9e11dca4cfbf62cd29fe9781
 
-    There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
-    retains it for compatibility and deprecates it.
+  Reviewed-by: Jay Satiro
+  Closes #9734
 
-  - Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
+- tidy-up: process.h detection and use
 
-    Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
-    `winbuild/MakefileBuild.vc`, these have a role when building libssh2
-    itself. And `CURL_USE_LIBSSH`, which had no use at all.
+  This patch aims to cleanup the use of `process.h` header and the macro
+  `HAVE_PROCESS_H` associated with it.
 
-    Also delete stray `HAVE_LIBSSH2` defines.
+  - `process.h` is always available on Windows. In curl, it is required
+    only for `_beginthreadex()` in `lib/curl_threads.c`.
 
-  - Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
+  - `process.h` is also available in MS-DOS. In curl, its only use was in
+    `lib/smb.c` for `getpid()`. But `getpid()` is in fact declared by
+    `unistd.h`, which is always enabled via `lib/config-dos.h`. So the
+    header is not necessary.
 
-    Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
-    `winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
-    libssh2 line, and were not having any use.
+  - `HAVE_PROCESS_H` was detected by CMake, forced to 1 on Windows and
+    left to real detection for other platforms.
+    It was also set to always-on in `lib/config-win32.h` and
+    `lib/config-dos.h`.
+    In autotools builds, there was no detection and the macro was never
+    set.
 
-  - Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
+  Based on these observations, in this patch we:
 
-  Reviewed-by: Daniel Stenberg
+  - Rework Windows `getpid` logic in `lib/smb.c` to always use the
+    equivalent direct Win32 API function `GetCurrentProcessId()`, as we
+    already did for Windows UWP apps. This makes `process.h` unnecessary
+    here on Windows.
 
-  Closes #9652
+  - Stop #including `process.h` into files where it was not necessary.
+    This is everywhere, except `lib/curl_threads.c`.
 
-Daniel Stenberg (6 Oct 2022)
+    > Strangely enough, `lib/curl_threads.c` compiled fine with autotools
+    > because `process.h` is also indirecty included via `unistd.h`. This
+    > might have been broken in autotools MSVC builds, where the latter
+    > header is missing.
 
-- netrc: compare user name case sensitively
+  - Delete all remaining `HAVE_PROCESS_H` feature guards, for they were
+    unnecessary.
 
-  User name comparisions in netrc need to match the case.
+  - Delete `HAVE_PROCESS_H` detection from CMake and predefined values
+    from `lib/config-*.h` headers.
 
-  Closes #9657
+  Reviewed-by: Jay Satiro
+  Closes #9703
 
-- CURLOPT_COOKIEFILE: insist on "" for enable-without-file
+Daniel Stenberg (1 Nov 2022)
 
-  The former way that also suggested using a non-existing file to just
-  enable the cookie engine could lead to developers maybe a bit carelessly
-  guessing a file name that will not exist, and then in a future due to
-  circumstances, such a file could be made to exist and then accidentally
-  libcurl would read cookies not actually meant to.
+- lib1301: unit103 turned into a libtest
 
-  Reported-by: Trail of bits
+  It is not a unit test so moved over to libtests.
 
-  Closes #9654
+- strcase: use curl_str(n)equal for case insensitive matches
 
-- tests/Makefile: remove run time stats from ci-test
+  No point in having two entry points for the same functions.
 
-  The ci-test is the normal makefile target invoked in CI jobs. This has
-  been using the -r option to runtests.pl since a long time, but I find
-  that it mostly just adds many lines to the test output report without
-  anyone caring much about those stats.
+  Also merged the *safe* function treatment into these so that they can
+  also be used when one or both pointers are NULL.
 
-  Remove it.
+  Closes #9837
 
-  Closes #9656
+- README.md: remove badges and xmas-tree garnish
 
-Patrick Monnerat (6 Oct 2022)
+  URL: https://curl.se/mail/lib-2022-10/0050.html
 
-- tool: reorganize function c_escape around a dynbuf
+  Closes #9833
 
-  This is a bit shorter and a lot safer.
+Patrick Monnerat (1 Nov 2022)
 
-  Substrings of unescaped characters are added by a single call to reduce
-  overhead.
+- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
 
-  Extend test 1465 to handle more kind of escapes.
+  If a command line option is in many help categories, there is a risk
+  that CURLHELP bitmask source lines generated for listhelp are longer
+  than 79 characters.
 
-  Closes #9653
+  This change takes care of folding such long lines.
 
-Jay Satiro (5 Oct 2022)
+  Cloes #9834
 
-- CURLOPT_HTTPPOST.3: bolden the deprecation notice
+Marc Hoersken (30 Oct 2022)
 
-  Ref: https://github.com/curl/curl/pull/9621
+- CI/cirrus: remove superfluous double-quotes and sudo
 
-  Closes https://github.com/curl/curl/pull/9637
+  Follow up to #9565 and #9677
+  Closes #9738
 
-John Bampton (5 Oct 2022)
+- tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
 
-- misc: fix spelling in docs and comments
+  Ref: #9738
 
-  also: remove outdated sentence
+Daniel Stenberg (30 Oct 2022)
 
-  Closes #9644
+- style: use space after comment start and before comment end
 
-Patrick Monnerat (5 Oct 2022)
+  /* like this */
 
-- tool: avoid generating ambiguous escaped characters in --libcurl
+  /*not this*/
 
-  C string hexadecimal-escaped characters may have more than 2 digits.
-  This results in a wrong C compiler interpretation of a 2-digit escaped
-  character when followed by an hex digit character.
+  checksrc is updated accordingly
 
-  The solution retained here is to represent such characters as 3-digit
-  octal escapes.
+  Closes #9828
 
-  Adjust and extend test 1465 for this case.
+Patrick Schlangen (30 Oct 2022)
 
-  Closes #9643
+- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
 
-Daniel Stenberg (5 Oct 2022)
+  This note became obsolete since PR #7892 (see also discussion in the PR
+  comments).
 
-- configure: the ngtcp2 option should default to 'no'
+  Closes #9832
 
-  While still experimental.
+Daniel Stenberg (30 Oct 2022)
 
-  Bug: https://curl.se/mail/lib-2022-10/0007.html
-  Reported-by: Daniel Hallberg
+- tests/server: make use of strcasecompare from lib/
 
-  Closes #9650
+  ... instead of having a second private implementation.
 
-- CURLOPT_MIMEPOST.3: add an (inline) example
+  Idea triggered by #9830
 
-  Reported-by: Jay Satiro
-  Bug: https://github.com/curl/curl/pull/9637#issuecomment-1268070723
+  Closes #9831
 
-  Closes #9649
+- curl: timeout in the read callback
 
-Viktor Szakats (5 Oct 2022)
+  The read callback can timeout if there's nothing to read within the
+  given maximum period. Example use case is when doing "curl -m 3
+  telnet://example.com" or anything else that expects input on stdin or
+  similar that otherwise would "hang" until something happens and then not
+  respect the timeout.
 
-- Makefile.m32: exclude libs & libpaths for shared mode exes [ci skip]
+  This fixes KNOWN_BUG 8.1, first filed in July 2009.
 
-  Exclude linker flags specifying depedency libs and libpaths, when
-  building against `libcurl.dll`. In such case these options are not
-  necessary (but may cause errors if not/wrongly configured.)
+  Bug: https://sourceforge.net/p/curl/bugs/846/
 
-  Also move and reword a comment on `CPPFLAGS` to not apply to
-  `UNICODE` options. These are necessary for all build targets.
+  Closes #9815
 
-  Closes #9651
+- noproxy: fix tail-matching
 
-Jay Satiro (5 Oct 2022)
+  Also ignore trailing dots in both host name and comparison pattern.
 
-- runtests: fix uninitialized value on ignored tests
-
-  - Don't show TESTFAIL message (ie tests failed which aren't ignored) if
-    only ignored tests failed.
-
-  Before:
-  IGNORED: failed tests: 571 612 1056
-  TESTDONE: 1214 tests out of 1217 reported OK: 99%
-  Use of uninitialized value $failed in concatenation (.) or string at
-  ./runtests.pl line 6290.
-  TESTFAIL: These test cases failed:
-
-  After:
-  IGNORED: failed tests: 571 612 1056
-  TESTDONE: 1214 tests out of 1217 reported OK: 99%
-
-  Closes https://github.com/curl/curl/pull/9648
-
-- cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
-
-  - Correct the use of -all-static for static Windows CI builds.
-
-  curl_LDFLAGS was removed from the makefile when metalink support was
-  removed. LDFLAGS=-all-static is passed to make only, because it is not a
-  valid option for configure compilation tests.
-
-  Closes https://github.com/curl/curl/pull/9633
-
-Viktor Szakats (4 Oct 2022)
-
-- Makefile.m32: fix regression with tool_hugehelp [ci skip]
-
-  In a recent commit I mistakenly deleted this logic, after seeing a
-  reference to a filename ending with `.cvs` and thinking it must have
-  been long gone. Turns out this is an existing file. Restore the rule
-  and the necessary `COPY` definitions with it.
-
-  The restored logic is required for a successful build on a bare source
-  tree (as opposed to a source release tarball).
-
-  Also shorten an existing condition similar to the one added in this
-  patch.
-
-  Regression since 07a0047882dd3f1fbf73486c5dd9c15370877ad6
-
-  Closes #9645
-
-- Makefile.m32: deduplicate build rules [ci skip]
-
-  After this patch, we reduce the three copies of most `Makefile.m32`
-  logic to one. This now resides in `lib/Makefile.m32`. It makes future
-  updates easier, the code shorter, with a small amount of added
-  complexity.
-
-  `Makefile.m32` reduction:
-
-  |                   |  bytes | LOC total |  blank |  comment |  code |
-  |-------------------|-------:|----------:|-------:|---------:|------:|
-  | 7.85.0            |  34772 |      1337 |     79 |      192 |  1066 |
-  | before this patch |  17601 |       625 |     62 |      106 |   457 |
-  | after this patch  |  11680 |       392 |     52 |      104 |   236 |
-
-  Details:
-
-  - Change rules to create objects for the `v*` subdirs in the `lib` dir.
-    This allows to use a shared compile rule and assumes that filenames
-    are not (and will not be) colliding across these directories.
-    `Makefile.m32` now also stores a list of these subdirs. They are
-    changing rarely though.
-
-  - Sync as much as possible between the three `Makefile.m32` scripts'
-    rules and their source/target sections.
-
-  - After this patch `CPPFLAGS` are all applied to the `src` sources once
-    again. This matches the behaviour of cmake/autotools. Only zlib ones
-    are actually required there.
-
-  - Use `.rc` names from `Makefile.inc` instead of keeping a duplicate.
-
-  - Change examples to link `libcurl.dll` by default. This makes building
-    trivial, even as a cross-build:
-      `CC=x86_64-w64-mingw32-gcc make -f Makefile.m32`
-    To run them, you need to move/copy or add-to-path `libcurl.dll`.
-    You can select static mode via `CFG=-static`.
-
-  - List more of the `Makefile.m32` config variables.
-
-  - Drop `.rc` support from examples. It made it fragile without much
-    benefit.
-
-  - Include a necessary system lib for the `externalsocket.c` example.
-
-  - Exclude unnecessary systems libs when building in `-dyn` mode.
-
-  Closes #9642
-
-Daniel Stenberg (4 Oct 2022)
-
-- RELEASE-NOTES: synced
-
-- CURLOPT_COOKIELIST.3: fix formatting mistake
-
-  Also, updated manpage-syntax.pl to make it detect this error in test
-  1173.
-
-  Reported-by: ProceduralMan on github
-  Fixes #9639
-  Closes #9640
-
-Jay Satiro (4 Oct 2022)
-
-- connect: change verbose IPv6 address:port to [address]:port
-
-  - Use brackets for the IPv6 address shown in verbose message when the
-    format is address:port so that it is less confusing.
-
-  Before: Trying 2606:4700:4700::1111:443...
-  After: Trying [2606:4700:4700::1111]:443...
-
-  Bug: https://curl.se/mail/archive-2022-02/0041.html
-  Reported-by: David Hu
-
-  Closes #9635
-
-Viktor Szakats (3 Oct 2022)
-
-- Makefile.m32: major rework [ci skip]
-
-  This patch overhauls `Makefile.m32` scripts, fixing a list of quirks,
-  making its behaviour and customization envvars align better with other
-  build systems, aiming for less code, that is easier to read, use and
-  maintain.
-
-  Details:
-  - Rename customization envvars:
-    `CURL_CC` -> `CC`
-    `CURL_RC` -> `RC`
-    `CURL_AR` -> `AR`
-    `CURL_LDFLAG_EXTRAS_DLL` -> `CURL_LDFLAGS_LIB`
-    `CURL_LDFLAG_EXTRAS_EXE` -> `CURL_LDFLAGS_BIN`
-  - Drop `CURL_STRIP` and `CURL_RANLIB`. These tools are no longer used.
-  - Accept `CFLAGS`, `CPPFLAGS`, `RCFLAGS`, `LDFLAGS` and `LIBS` envvars.
-  - Drop `CURL_CFLAG_EXTRAS`, `CURL_LDFLAG_EXTRAS`, `CURL_RCFLAG_EXTRAS` in
-    favor of the above.
-  - Do not automatically enable `zlib` with `libssh2`. `zlib` is optional
-    with `libssh2`.
-  - Omit unnecessary `CPPFLAGS` options when building `curl.exe` and
-    examples.
-  - Drop support for deprecated `-winssl` `CFG` option. Use `-schannel`
-    instead.
-  - Avoid late evaluation where not necessary (`=` -> `:=`).
-  - Drop support for `CURL_DLL_A_SUFFIX` to override the implib suffix.
-    Instead, use the standard naming scheme by default: `libcurl.dll.a`.
-    The toolchain recognizes the name, and selects it automatically when
-    asking for a `-shared` vs. `-static` build.
-  - Stop applying `strip` to `libcurl.a`. Follow-up from
-    16a58e9f93c7e89e1f87720199388bcfcfa148a4. There was no debug info to
-    strip since then.
-  - Stop setting `-O3`, `-W`, `-Wall` options. You can add these to
-    `CFLAGS` as desired.
-  - Always enable `-DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` with OpenSSL,
-    to avoid that vulnerability on Windows.
-  - Add `-lbrotlicommon` to `LIBS` when using `brotli`.
-  - Do not enable `-nghttp3` without `-ngtcp2`.
-  - `-ssh2` and `-rtmp` options no longer try to auto-select a TLS-backend.
-    You need to set the backend explicitly. This scales better and avoids
-    issues with certain combinations (e.g. `libssh2` + `wolfssl` with no
-    `schannel`).
-  - Default to OpenSSL TLS-backend with `ngtcp2`. Possible to override via
-    `NGTCP2_LIBS`.
-  - Old, alternate method of enabling components (e.g. `SSH2=1`) no longer
-    supported.
-  - Delete `SPNEGO` references. They were no-ops.
-  - Drop support for Win9x environments.
-  - Allow setting `OPENSSL_LIBS` independently from `OPENSSL_LIBPATH`.
-  - Support autotools/CMake `libssh2` builds by default.
-  - Respect `CURL_DLL_SUFFIX` in `-dyn` mode when building `curl.exe` and
-    examples.
-  - Assume standard directory layout with `LIBCARES_PATH`. (Instead of the
-    long gone embedded one.)
-  - Stop static linking with c-ares by default. Add
-    `CPPFLAGS=-DCARES_STATICLIB` to enable it.
-  - Reorganize internal layout to avoid redundancy and emit clean diffs
-    between src/lib and example make files.
-  - Delete unused variables.
-  - Code cleanups/rework.
-  - Comment and indentation fixes.
-
-  Closes #9632
-
-- scripts/release-notes.pl: strip ci skip tag [ci skip]
-
-  Ref: https://github.com/curl/curl/commit/e604a82cae922bf86403a94f5803ac5e4303
-  ae97#commitcomment-85637701
-
-  Reviewed-by: Daniel Stenberg
-
-  Closes #9634
-
-- Makefile.m32: delete legacy component bits [ci skip]
-
-  - Drop auto-detection of OpenSSL 1.0.2 and earlier. Now always defaulting
-    to OpenSSL 1.1.0 and later, LibreSSL and BoringSSL.
-
-  - Drop `Invalid path to OpenSSL package` detection. OpenSSL has been
-    using a standard file layout since 1.1.0, so this seems unnecessary
-    now.
-
-  - Drop special logic to enable Novell LDAP SDK support.
-
-  - Drop special logic to enable OpenLDAP LDAP SDK support. This seems
-    to be distinct from native OpenLDAP, with support implemented inside
-    `lib/ldap.c` (vs. `lib/openldap.c`) back when the latter did not exist
-    yet in curl.
-
-  - Add `-lwldap32` only if there is no other LDAP library (either native
-    OpenLDAP, or SDKs above) present.
-
-  - Update `doc/INSTALL.md` accordingly.
-
-  After this patch, it's necessary to make configration changes when using
-  OpenSSL 1.0.2 or earlier, or the two LDAP SDKs.
-
-  OpenSSL 1.0.2 and earlier:
-  ```
-  export OPENSSL_INCLUDE = <path-to-openssl>/outinc
-  export OPENSSL_LIBPATH = <path-to-openssl>/out
-  export OPENSSL_LIBS = -lssl32 -leay32 -lgdi32
-  ```
-
-  Novell LDAP SDK, previously enabled via `USE_LDAP_NOVELL=1`:
-  ```
-  export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/inc -DCURL_HAS_NOVELL_LDAPSDK
-  export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib/mscvc -lldapsdk -lldapssl -ll
-  dapx
-  ```
-
-  OpenLDAP LDAP SDK, previously enabled via `USE_LDAP_OPENLDAP=1`:
-  ```
-  export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/include -DCURL_HAS_OPENLDAP_LDAPSD
-  K
-  export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib -lldap -llber
-  ```
-
-  I haven't tested these scenarios, and in general we recommend using
-  a recent OpenSSL release. Also, WinLDAP (the Windows default) and
-  OpenLDAP (via `-DUSE_OPENLDAP`) are the LDAP options actively worked on
-  in curl.
-
-  Closes #9631
-
-Daniel Stenberg (2 Oct 2022)
-
-- vauth/ntlm.h: make line shorter than 80 columns
-
-  Follow-up from 265fbd937
-
-Viktor Szakats (1 Oct 2022)
-
-- docs: update sourceforge project links [ci skip]
-
-  SourceForge projects can now choose between two hostnames, with .io and
-  .net ending. Both support HTTPS by default now. Opening the other variant
-  will perm-redirected to the one chosen by the project.
-
-  The .io -> .net redirection is done insecurely.
-
-  Let's update the URLs to point to the current canonical endpoints to
-  avoid any redirects.
-
-  Closes #9630
-
-Daniel Stenberg (1 Oct 2022)
-
-- curl_url_set.3: document CURLU_APPENDQUERY proper
-
-  Listed among the other supported flags.
-
-  Reported-by: Robby Simpson
-  Fixes #9628
-  Closes #9629
+  Regression in 7.86.0 (from 1e9a538e05c0)
 
-Viktor Szakats (1 Oct 2022)
+  Extended test 1614 to verify better.
 
-- Makefile.m32: cleanups and fixes [ci skip]
+  Reported-by: Henning Schild
+  Fixes #9821
+  Closes #9822
 
-  - Add `-lcrypt32` once, and add it always for simplicity.
-  - Delete broken link and reference to the pre-Vista WinIDN add-on.
-    MS no longer distribute it.
-  - Delete related `WINIDN_PATH` option. IDN is a system lib since Vista.
-  - Sync `LIBCARES_PATH` default with the rest of dependencies.
-  - Delete version numbers from dependency path defaults.
-  - `libgsasl` package is now called `gsasl`.
-  - Delete `libexpat` and `libxml2` references. No longer used by curl.
-  - Delete `Edit the path below...` comments. We recommend to predefine
-    those envvars instead.
-  - `libcares.a` is not an internal dependency anymore. Stop using it as
-    such.
-  - `windres` `--include-dir` -> `-I`, `-F` -> `--target=` for readability.
-  - Delete `STRIP`, `CURL_STRIP`, `AR` references from `src/Makefile.m32`.
-    They were never used.
-  - Stop to `clean` some objects twice in `src/Makefile.m32`.
-  - Delete cvs-specific leftovers.
-  - Finish resource support in examples make file.
-  - Delete `-I<root>/lib` from examples make file.
-  - Fix copyright start year in examples make file.
-  - Delete duplicate `ftpuploadresume` input in examples make file.
-  - Sync OpenSSL lib order, `SYNC` support, `PROOT` use, dependency path
-    defaults, variables names and other internal bits between the three
-    make files.
-  - `lib/Makefile.m32` accepted custom options via `DLL_LIBS` envvar. This
-    was lib-specific and possibly accidental. Use `CURL_LDFLAG_EXTRAS_DLL`
-    envvar for the same effect.
-  - Fix linking `curl.exe` and examples to wrong static libs with
-    auto-detected OpenSSL 1.0.2 or earlier.
-  - Add `-lgdi32` for OpenSSL 1.0.2 and earlier only.
-  - Add link to Novell LDAP SDK and use a relative default path. Latest
-    version is from 2016, linked to an outdated OpenSSL 1.0.1.
-  - Whitespace and comment cleanups.
+- docs: explain the noproxy CIDR notation support
 
-  TODO in a next commit:
+  Follow-up to 1e9a538e05c0107c
 
-  Delete built-in detection/logic for OpenSSL 1.0.2 and earlier, the Novell
-  LDAP SDK and the other LDAP SDK (which is _not_ OpenLDAP). Write up the
-  necessary custom envvars to configure them.
+  Closes #9818
 
-  Closes #9616
+Jon Rumsey (27 Oct 2022)
 
-Daniel Stenberg (30 Sep 2022)
+- os400: use platform socklen_t in Curl_getnameinfo_a
 
-- RELEASE-NOTES: synced
+  Curl_getnameinfo_a() is prototyped before including curl.h as an
+  ASCII'fied wrapper for getnameinfo(), which itself is prototyped with
+  socklen_t arguments, so this should use the platform socklen_t and not
+  curl_socklen_t too.
 
-Matt Holt (30 Sep 2022)
+  Update setup-os400.h
 
-- HTTP3.md: update Caddy example
+  Fixes #9811
+  Closes #9812
 
-  Closes #9623
+Daniel Stenberg (27 Oct 2022)
 
-Daniel Stenberg (30 Sep 2022)
+- noproxy: also match with adjacent comma
 
-- easy: fix the altsvc init for curl_easy_duphandle
+  If the host name is an IP address and the noproxy string contained that
+  IP address with a following comma, it would erroneously not match.
 
-  It was using the old #ifdef which nothing sets anymore
+  Extended test 1614 to verify this combo as well.
 
-  Closes #9624
+  Reported-by: Henning Schild
 
-- GHA: build tests in a separate step from the running of them
+  Fixes #9813
+  Closes #9814
 
-  ... to make the output smaller for when you want to look at test
-  failures.
+Randall S. Becker (27 Oct 2022)
 
-  Removed the examples build from msh3
+- build: fix for NonStop
 
-  Closes #9619
+  - Include arpa/inet.h in all units where htonl is called.
 
-Viktor Szakats (29 Sep 2022)
+  Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
 
-- ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
+  Closes https://github.com/curl/curl/pull/9816
 
-  Added in 68b215157fdf69612edebdb220b3804822277822, while adding openldap
-  support. This is also the single mention of this constant in the source
-  tree and also in that commit. Based on these, it seems like an accident.
+- system.h: support 64-bit curl_off_t for NonStop 32-bit
 
-  Delete this reference.
+  - Correctly define curl_off_t on NonStop (ie __TANDEM) ia64 and x86 for
+    32-bit builds.
 
-  Reviewed-by: Daniel Stenberg
+  Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
 
-  Closes #9625
+  Closes https://github.com/curl/curl/pull/9817
 
-- docs: spelling nits
+Daniel Stenberg (27 Oct 2022)
 
-  - MingW -> MinGW (Minimalist GNU for Windows)
-  - f.e. -> e.g.
-  - some whitespace and punctuation.
+- spellcheck.words: remove 'github' as an accepted word
 
-  Reviewed-by: Daniel Stenberg
+  Prefer the properly cased version: GitHub
 
-  Closes #9622
+  Use markdown for links and GitHub in text.
 
-Philip Heiduck (29 Sep 2022)
+  Closes #9810
 
-- cirrus-ci: add macOS build with m1
+Ayesh Karunaratne (27 Oct 2022)
 
-  Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
+- misc: typo and grammar fixes
 
-  Closes #9565
+  - Replace `Github` with `GitHub`.
+  - Replace `windows` with `Windows`
+  - Replace `advice` with `advise` where a verb is used.
+  - A few fixes on removing repeated words.
+  - Replace `a HTTP` with `an HTTP`
 
-Patrick Monnerat (29 Sep 2022)
+  Closes #9802
 
-- lib: sanitize conditional exclusion around MIME
+Viktor Szakats (27 Oct 2022)
 
-  The introduction of CURL_DISABLE_MIME came with some additional bugs:
-  - Disabled MIME is compiled-in anyway if SMTP and/or IMAP is enabled.
-  - CURLOPT_MIMEPOST, CURLOPT_MIME_OPTIONS and CURLOPT_HTTPHEADER are
-    conditioned on HTTP, although also needed for SMTP and IMAP MIME mail
-    uploads.
+- windows: fix linking .rc to shared curl with autotools
 
-  In addition, the CURLOPT_HTTPHEADER and --header documentation does not
-  mention their use for MIME mail.
+  `./configure --enable-shared --disable-static` fails when trying to link
+  a shared `curl.exe`, due to `libtool` magically changing the output
+  filename of `windres` to one that it doesn't find when linking:
 
-  This commit fixes the problems above.
+  ```
+  /bin/sh ../libtool --tag=RC --mode=compile windres -I../../curl/include -DCUR
+  L_EMBED_MANIFEST  -i ../../curl/src/curl.rc -o curl.o
+  libtool: compile:  windres -I../../curl/include -DCURL_EMBED_MANIFEST -i ../.
+  ./curl/src/curl.rc  -o .libs/curl.o
+  [...]
+  CCLD     curl.exe
+  clang: error: no such file or directory: 'curl.o'
+  ```
 
-  Closes #9610
+  Let's resolve this by skipping `libtool` and calling `windres` directly
+  when building `src` (aka `curl.exe`). Leave `lib` unchanged, as it does
+  need the `libtool` magic. This solution is compatible with building
+  a static `curl.exe`.
 
-Thiago Suchorski (29 Sep 2022)
+  This build scenario is not CI-tested.
 
-- docs: minor grammar fixes
+  While here, delete an obsolete comment about a permanent `libtool`
+  warning that we've resolved earlier.
 
-  Closes #9609
+  Regression from 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
 
-Daniel Stenberg (28 Sep 2022)
+  Reported-by: Christoph Reiter
+  Fixes #9803
+  Closes #9805
 
-- CURLSHOPT_UNLOCKFUNC.3: the callback as no 'access' argument
+- cmake: really enable warnings with clang
 
-  Probably a copy and paste error from the lock function man page.
+  Even though `PICKY_COMPILER=ON` is the default, warnings were not
+  enabled when using llvm/clang, because `CMAKE_COMPILER_IS_CLANG` was
+  always false (in my tests at least).
 
-  Reported-by: Robby Simpson
-  Fixes #9612
-  Closes #9613
+  This is the single use of this variable in curl, and in a different
+  place we already use `CMAKE_C_COMPILER_ID MATCHES "Clang"`, which works
+  as expected, so change the condition to use that instead.
 
-- CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
+  Also fix the warnings uncovered by the above:
 
-  ... instead just list the supported encodings.
+  - lib: add casts to silence clang warnings
 
-  Reported-by: ProceduralMan on github
-  Fixes #9614
-  Closes #9615
+  - schannel: add casts to silence clang warnings in ALPN code
 
-Dan Fandrich (28 Sep 2022)
+    Assuming the code is correct, solve the warnings with a cast.
+    This particular build case isn't CI tested.
 
-- tests: Remove a duplicated keyword
+    There is a chance the warning is relevant for some platforms, perhaps
+    Windows 32-bit ARM7.
 
-- docs: document more server names for test files
+  Closes #9783
 
-Daniel Stenberg (28 Sep 2022)
+Joel Depooter (26 Oct 2022)
 
-- altsvc: reject bad port numbers
+- sendf: remove unnecessary if condition
 
-  The existing code tried but did not properly reject alternative services
-  using negative or too large port numbers.
+  At this point, the psnd->buffer will always exist. We have already
+  allocated a new buffer if one did not previously exist, and returned
+  from the function if the allocation failed.
 
-  With this fix, the logic now also flushes the old entries immediately
-  before adding a new one, making a following header with an illegal entry
-  not flush the already stored entry.
+  Closes #9801
 
-  Report from the ongoing source code audit by Trail of Bits.
+Viktor Szakats (26 Oct 2022)
 
-  Adjusted test 356 to verify.
+- winidn: drop WANT_IDN_PROTOTYPES
 
-  Closes #9607
+  `WANT_IDN_PROTOTYPES` was necessary to avoid using a header that came
+  via an optional package. MS stopped distributing this package some
+  years ago and the winidn definitions are part of standard headers (via
+  `windows.h`) since Vista.
 
-- functypes: provide the recv and send arg and return types
+  Auto-detect Vista inside `lib/idn_win32.c` and enable the manual
+  definitions if building for an older Windows.
 
-  This header is for providing the argument types for recv() and send()
-  when built to not use a dedicated config-[platfor].h file.
+  This allows to delete this manual knob from all build-systems.
 
-  Remove the slow brute-force checks from configure and cmake.
+  Also drop the `_SAL_VERSION` sub-case:
 
-  This change also removes the use of the types for select, as they were
-  not used in code.
+  Our manual definitions are now only enabled with old systems. We assume
+  that code analysis is not run on such systems, allowing us to delete the
+  SAL-friendly flavour of these.
 
-  Closes #9592
+  Reviewed-by: Jay Satiro
+  Closes #9793
 
-- urlapi: reject more bad characters from the host name field
+Daniel Stenberg (26 Oct 2022)
 
-  Extended test 1560 to verify
+- misc: remove duplicated include files
 
-  Report from the ongoing source code audit by Trail of Bits.
+  Closes #9796
 
-  Closes #9608
+- scripts/checksrc.pl: detect duplicated include files
 
-- configure: deprecate builds with small curl_off_t
+  After an idea by Dan Fandrich in #9794
 
-  If curl_off_t turns out to be smaller than 8 bytes,
-  --with-n64-deprecated needs to be used to allow the build to
-  continue. This is to highlight the fact that support for such builds is
-  going away next year.
+  Closes #9796
 
-  Also mentioned in DEPRECATED.md
+- RELEASE-NOTES: synced
 
-  Closes #9605
+  And bumped version to 7.86.1 for now
 
-Patrick Monnerat (27 Sep 2022)
+- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
 
-- http, vauth: always provide Curl_allow_auth_to_host() functionality
+  The removal is brief or long, don't assume.
 
-  This function is currently located in the lib/http.c module and is
-  therefore disabled by the CURL_DISABLE_HTTP conditional token.
+  Reported-by: Luca Niccoli
 
-  As it may be called by TLS backends, disabling HTTP results in an
-  undefined reference error at link time.
+  Fixes #9799
+  Closes #9800
 
-  Move this function to vauth/vauth.c to always provide it and rename it
-  as Curl_auth_allowed_to_host() to respect the vauth module naming
-  convention.
+Version 7.86.0 (26 Oct 2022)
 
-  Closes #9600
+Daniel Stenberg (26 Oct 2022)
 
-Daniel Stenberg (27 Sep 2022)
+- RELEASE: synced
 
-- ngtcp2: fix C89 compliance nit
+  The 7.86.0 release
 
-- openssl: make certinfo available for QUIC
+- THANKS: added from the 7.86.0 release
 
-  Curl_ossl_certchain() is now an exported function in lib/vtls/openssl.c that
-  can also be used from quiche.c and ngtcp2.c to get the cert chain for QUIC
-  connections as well.
+Viktor Szakats (25 Oct 2022)
 
-  The *certchain function was moved to the top of the file for this reason.
+- noproxy: include netinet/in.h for htonl()
 
-  Reported-by: Eloy Degen
-  Fixes #9584
-  Closes #9597
+  Solve the Amiga build warning by including `netinet/in.h`.
 
-- RELEASE-NOTES: synced
+  `krb5.c` and `socketpair.c` are using `htonl()` too. This header is
+  already included in those sources.
 
-- DEPRECATE.md: Support for systems without 64 bit data types
+  Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
 
-  Closes #9604
+  Reviewed-by: Daniel Stenberg
+  Closes #9787
 
-Patrick Monnerat (27 Sep 2022)
+Marc Hoersken (24 Oct 2022)
 
-- tests: skip mime/form tests when mime is not built-in
+- CI: fix AppVeyor status failing for starting jobs
 
-  Closes #9596
+Daniel Stenberg (24 Oct 2022)
 
-Daniel Stenberg (27 Sep 2022)
+- test445: verifies the protocols-over-http-proxy flaw and fix
 
-- url: rename function due to name-clash in Watt-32
+- http_proxy: restore the protocol pointer on error
 
-  Follow-up to 2481dbe5f4f58 and applies the change the way it was
-  intended.
+  Reported-by: Trail of Bits
 
-Viktor Szakats (26 Sep 2022)
+  Closes #9790
 
-- windows: adjust name of two internal public functions
+- multi: remove duplicate include of connect.h
 
-  According to `docs/INTERNALS.md`, internal function names spanning source
-  files start with uppercase `Curl_`. Bring these two functions in
-  alignment with this.
+  Reported-by: Martin Strunz
+  Fixes #9794
+  Closes #9795
 
-  This also stops exporting them from `libcurl.dll` in autotools builds.
+Daniel Gustafsson (24 Oct 2022)
 
-  Reviewed-by: Daniel Stenberg
+- idn: fix typo in test description
 
-  Closes #9598
+  s/enabked/enabled/i
 
-Gisle Vanem (26 Sep 2022)
+Daniel Stenberg (24 Oct 2022)
 
-- url: rename function due to name-clash in Watt-32
+- url: use IDN decoded names for HSTS checks
 
-  Since the commit 764c958c52edb427f39, there was a new function called
-  resolve_ip(). This clashes with an internal function in Watt-32.
+  Reported-by: Hiroki Kurosawa
 
-  Closes #9585
+  Closes #9791
 
-Jay Satiro (26 Sep 2022)
+- unit1614: fix disabled-proxy build
 
-- schannel: ban server ALPN change during recv renegotiation
+  Follow-up to 1e9a538e05c01
 
-  By the time schannel_recv is renegotiating the connection, libcurl has
-  already decided on a protocol and it is too late for the server to
-  select a protocol via ALPN except for the originally selected protocol.
+  Closes #9792
 
-  Ref: https://github.com/curl/curl/issues/9451
+Daniel Gustafsson (24 Oct 2022)
 
-  Closes https://github.com/curl/curl/pull/9463
+- cookies: optimize control character check
 
-Daniel Stenberg (26 Sep 2022)
+  When checking for invalid octets the strcspn() call will return the
+  position of the first found invalid char or the first NULL byte.
+  This means that we can check the indicated position in the search-
+  string saving a strlen() call.
 
-- url: a zero-length userinfo part in the URL is still a (blank) user
+  Closes: #9736
+  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
 
-  Adjusted test 1560 to verify
+Daniel Stenberg (24 Oct 2022)
 
-  Reported-by: Jay Satiro
+- netrc: replace fgets with Curl_get_line
 
-  Fixes #9088
-  Closes #9590
+  Make the parser only accept complete lines and avoid problems with
+  overly long lines.
 
-Viktor Szakats (25 Sep 2022)
+  Reported-by: Hiroki Kurosawa
 
-- autotools: allow --enable-symbol-hiding with windows
+  Closes #9789
 
-  This local autotools logic was put in place in
-  9e24b9c7afbcb81120af4cf3f6cdee49a06d8224 (in 2012) which disabled it for
-  Windows unconditionally. Testing reveals that it actually works with
-  tested toolchains (mingw-w64 and CI ones), so let's allow this build
-  feature on that platform. Bringing this in sync with CMake, which already
-  supported this.
+- RELEASE-NOTES: add "Planned upcoming removals include"
 
-  Reviewed-by: Jay Satiro
+  URL: https://curl.se/mail/archive-2022-10/0001.html
 
-  Closes #9586
+  Suggested-by: Dan Fandrich
 
-- autotools: reduce brute-force when detecting recv/send arg list
+Viktor Szakats (23 Oct 2022)
 
-  autotools uses brute-force to detect `recv`/`send`/`select` argument
-  lists, by interating through _all_ argument type combinations on each
-  `./configure` run. This logic exists since
-  01fa02d0b545e1433dced2430561f8c0c72b74a9 (from 2006) and was a bit later
-  extended with Windows support.
+- ci: bump to gcc-11 for macos
 
-  This results in a worst-case number of compile + link cycles as below:
-  - `recv`: 96
-  - `send`: 192
-  - `select`: 60
-  Total: 348 (the number of curl C source files is 195, for comparison)
+  Ref: https://github.blog/changelog/2022-10-03-github-actions-jobs-running-on-
+  macos-latest-are-now-running-on-macos-12/
+  Ref: https://github.com/actions/runner-images/blob/main/images/macos/macos-12
+  -Readme.md
 
-  Notice that e.g. curl-for-win autotools builds require two `./configure`
-  invocations, doubling these numbers.
+  Reviewed-by: Max Dymond
+  Closes #9785
 
-  `recv` on Windows was especially unlucky because `SOCKET` (the correct
-  choice there) was listed _last_ in one of the outer trial loops. This
-  resulted in lengthy waits while autotools was trying all invalid
-  combinations first, wasting cycles, disk writes and slowing down
-  iteration.
+- Makefile.m32: reintroduce CROSSPREFIX and -W -Wall [ci skip]
 
-  This patch reduces the amount of idle work by reordering the tests in
-  a way to succeed first on a well-known platform such as Windows, and
-  also on non-Windows by testing for POSIX prototypes first, on the
-  assumption that these are the most likely candidates these days. (We do
-  not touch `select`, where the order was already optimal for these
-  platforms.)
+  - Reintroduce `CROSSPREFIX`:
 
-  For non-Windows, this means to try a return value of `ssize_t` first,
-  then `int`, reordering the buffer argument type to try `void *` first,
-  then `byte *`, and prefer the `const` flavor with `send`. If we are
-  here, also stop testing for `SOCKET` type in non-Windows builds.
+    If set, we add it to the `CC` and `AR` values, and to the _default_
+    value of `RC`, which is `windres`. This allows to control each of
+    these individidually, while also allowing to simplify configuration
+    via `CROSSPREFIX`.
 
-  After the patch, detection on Windows is instantaneous. It should also be
-  faster on popular platforms such as Linux and BSD-based ones.
+    This variable worked differently earlier. Hopefully this new solution
+    hits a better compromise in usefulness/complexity/flexibility.
 
-  If there are known-good variations for other platforms, they can also be
-  fast-tracked like above, given a way to check for that platform inside
-  the autotools logic.
+    Follow-up to: aa970c4c08775afcd0c2853be89b0a6f02582d50
 
-  Reviewed-by: Daniel Stenberg
+  - Enable warnings again:
 
-  Closes #9591
+    This time with an option to override it via `CFLAGS`. Warnings are
+    also enabled by default in CMake, `makefile.dj` and `makefile.amiga`
+    builds (not in autotools though).
 
-Daniel Stenberg (23 Sep 2022)
+    Follow-up to 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
 
-- TODO: Provide the error body from a CONNECT response
+  Closes #9784
 
-  Spellchecked-by: Jay Satiro
+- noproxy: silence unused variable warnings with no ipv6
 
-  Closes #9513
-  Closes #9581
+  Follow-up to 36474f1050c7f4117e3c8de6cc9217cfebfc717d
 
-Viktor Szakats (23 Sep 2022)
+  Reviewed-by: Daniel Stenberg
+  Closes #9782
 
-- windows: autotools .rc warnings fixup
+Daniel Stenberg (22 Oct 2022)
 
-  Move `LT_LANG([Windows Resource])` after `XC_LIBTOOL`, fixing:
+- test644: verify --xattr (with redirect)
 
-  - Warnings when running `autoreconf -fi`.
+- tool_xattr: save the original URL, not the final redirected one
 
-  - Warning when compiling .rc files:
-    libtool: compile: unable to infer tagged configuration
-    libtool:   error: specify a tag with '--tag'
+  Adjusted test 1621 accordingly.
 
-  Follow up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
-  Ref: https://github.com/curl/curl/pull/9521#issuecomment-1256291156
+  Reported-by: Viktor Szakats
+  Fixes #9766
+  Closes #9768
 
-  Suggested-by: Patrick Monnerat
-  Closes #9582
+- docs: make sure libcurl opts examples pass in long arguments
 
-Randall S. Becker (23 Sep 2022)
+  Reported-by: Sergey
+  Fixes #9779
+  Closes #9780
 
-- curl_setup: disable use of FLOSS for 64-bit NonStop builds
+Marc Hoersken (21 Oct 2022)
 
-  Older 32-bit builds currently need FLOSS. This dependency may be removed
-  in future OS releases.
+- CI: fix AppVeyor job links only working for most recent build
 
-  Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
+  Ref: https://github.com/curl/curl/pull/9768#issuecomment-1286675916
+  Reported-by: Daniel Stenberg
 
-  Closes #9575
+  Follow up to #9769
 
-Patrick Monnerat (23 Sep 2022)
+Viktor Szakats (21 Oct 2022)
 
-- tool: remove dead code
+- noproxy: fix builds without AF_INET6
 
-  Add a debug assertion to verify protocols included/excluded in a set
-  are always tokenized.
+  Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
 
-  Follow-up to commit 677266c.
+  Reviewed-by: Daniel Stenberg
 
-  Closes #9576
+  Closes #9778
 
-- lib: prepare the incoming of additional protocols
+Daniel Stenberg (21 Oct 2022)
 
-  Move the curl_prot_t to its own conditional block. Introduce symbol
-  PROTO_TYPE_SMALL to control it.
+- noproxy: support proxies specified using cidr notation
 
-  Fix a cast in a curl_prot_t assignment.
-  Remove an outdated comment.
+  For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
+  and not with string comparisons.
 
-  Follow-up to cd5ca80.
+  Split out the noproxy checks and functionality into noproxy.c
 
-  Closes #9534
+  Added unit test 1614 to verify checking functions.
 
-Daniel Stenberg (23 Sep 2022)
+  Reported-by: Mathieu Carbonneaux
 
-- msh3: change the static_assert to make the code C89
+  Fixes #9773
+  Fixes #5745
+  Closes #9775
 
-- bearssl: make it proper C89 compliant
+- urlapi: remove two variable assigns
 
-- curl-compilers.m4: for gcc + want warnings, set gnu89 standard
+  To please scan-build:
 
-  To better verify that the code is C89
+  urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
+          qlen = Curl_dyn_len(&enc);
+          ^      ~~~~~~~~~~~~~~~~~~
+  urlapi.c:1164:9: warning: Value stored to 'query' is never read
+          query = u->query = Curl_dyn_ptr(&enc);
+          ^       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-  Closes #9542
+  Follow-up to 7d6cf06f571d57
 
-Patrick Monnerat (22 Sep 2022)
+  Closes #9777
 
-- lib517: fix C89 constant signedness
+Jeremy Maitin-Shepard (21 Oct 2022)
 
-  In C89, positive integer literals that overflow an int but not an
-  unsigned int may be understood as a negative int.
+- cmake: improve usability of CMake build as a sub-project
 
-  lib517.c:129:3: warning: this decimal constant is unsigned only in ISO C90
-     {"Sun, 06 Nov 2044 08:49:37 GMT", 2362034977 },
-     ^
+  - Renames `uninstall` -> `curl_uninstall`
+  - Ensures all export rules are guarded by CURL_ENABLE_EXPORT_TARGET
 
-  Closes #9572
+  Closes #9638
 
-Daniel Stenberg (22 Sep 2022)
+Don J Olmstead (21 Oct 2022)
 
-- mprintf: use snprintf if available
+- easy_lock: check for HAVE_STDATOMIC_H as well
 
-  This is the single place in libcurl code where it uses the "native"
-  s(n)printf() function. Used for writing floats. The use has been
-  reviewed and vetted and uses a HUGE target buffer, but switching to
-  snprintf() still makes this safer and removes build-time warnings.
+  The check for `HAVE_STDATOMIC_H` looks to see if the `stdatomic.h`
+  header is present.
 
-  Reported-by: Philip Heiduck
+  Closes #9755
 
-  Fixes #9569
-  Closes #9570
+Daniel Stenberg (21 Oct 2022)
 
-- docs: tag curl options better in man pages
+- RELEASE-NOTES: synced
 
-  As it makes them links in the HTML versions.
+Brad Harder (20 Oct 2022)
 
-  Verified by the extended test 1176
+- CURLMOPT_PIPELINING.3: dedup manpage xref
 
-- symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
+  Closes #9776
 
-- manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
+Marc Hoersken (20 Oct 2022)
 
-  ... as that makes them links to their corresponding man page.
+- CI: report AppVeyor build status for each job
 
-  This script is used for test 1173.
+  Also give each job on AppVeyor CI a human-readable name.
 
-  Closes #9574
+  This aims to make job and therefore build failures more visible.
 
-- RELEASE-NOTES: synced
+  Reviewed-by: Marcel Raad
+  Closes #9769
 
-Patrick Monnerat (22 Sep 2022)
+Viktor Szakats (20 Oct 2022)
 
-- tool: remove protocol count limitation
+- amiga: set SIZEOF_CURL_OFF_T=8 by default [ci skip]
 
-  Replace bit mask protocol sets by null-terminated arrays of protocol
-  tokens. These are the addresses of the protocol names returned by
-  curl_version_info().
+  Reviewed-by: Daniel Stenberg
 
-  Protocol names are sorted case-insensitively before output to satisfy CI
-  tests matches consistency.
+  Closes #9771
 
-  The protocol list returned by curl_version_info() is augmented with all
-  RTMP protocol variants.
+- connect: fix builds without AF_INET6
 
-  Test 1401 adjusted for new alpha ordered output.
+  Regression from 2b309560c1e5d6ed5c0e542e6fdffa968b0521c9
 
-  Closes #9546
+  Reviewed-by: Daniel Stenberg
+  Reviewed-by: Jay Satiro
 
-Daniel Stenberg (22 Sep 2022)
+  Closes #9770
 
-- test972: verify the output without using external tool
+Daniel Stenberg (20 Oct 2022)
 
-  It seems too restrictive to assume and use an external tool to verify
-  the JSON. This now verifies the outut byte per byte. We could consider
-  building a local "JSON verifyer" in a future.
+- test1105: adjust <data> to work with a hyper build
 
-  Remove 'jsonlint' from the CI job.
+  Closes #9767
 
-  Reported-by: Marcel Raad
-  Fixes #9563
-  Closes #9564
+- urlapi: fix parsing URL without slash with CURLU_URLENCODE
 
-- hostip: lazily wait to figure out if IPv6 works until needed
+  When CURLU_URLENCODE is set, the parser would mistreat the path
+  component if the URL was specified without a slash like in
+  http://local.test:80?-123
 
-  The check may take many milliseconds, so now it is performed once the
-  value is first needed. Also, this change makes sure that the value is
-  not used if the resolve is set to be IPv4-only.
+  Extended test 1560 to reproduce and verify the fix.
 
-  Closes #9553
+  Reported-by: Trail of Bits
 
-- curl.h: fix mention of wrong error code in comment
+  Closes #9763
 
-  The same error and comment were also used and is now corrected in
-  CURLOPT_SSH_KEYFUNCTION.3
+Marc Hoersken (19 Oct 2022)
 
-- symbol-scan.pl: scan and verify .3 man pages
+- tests: avoid CreateThread if _beginthreadex is available
 
-  This script now also finds all .3 man pages in docs/include and
-  docs/include/opts, extracts all uses of CURL* symbols and verifies that all
-  symbols mentioned in docs are defined in public headers.
+  CreateThread is not threadsafe if mixed with CRT calls.
+  _beginthreadex on the other hand can be mixed with CRT.
 
-  A "global symbol" is one of those matching a known prefix and the script make
-  s
-  an attempt to check all/most of them. Just using *all* symbols that match
-  CURL* proved matching a little too many other references as well and turned
-  difficult turning into something useful.
+  Reviewed-by: Marcel Raad
+  Closes #9705
 
-  Closes #9544
+Joel Depooter (19 Oct 2022)
 
-- symbols-in-versions: add missing LIBCURL* symbols
+- schannel: Don't reset recv/send function pointers on renegotiation
 
-- symbol-scan.pl: also check for LIBCURL* symbols
+  These function pointers will have been set when the initial TLS
+  handshake was completed. If they are unchanged, there is no need to set
+  them again. If they have been changed, as is the case with HTTP/2, we
+  don't want to override that change. That would result in the
+  http22_recv/send functions being completely bypassed.
 
-  Closes #9544
+  Prior to this change a connection that uses Schannel with HTTP/2 would
+  fail on renegotiation with error "Received HTTP/0.9 when not allowed".
 
-- docs/libcurl/symbols-in-versions: add several missing symbols
+  Fixes https://github.com/curl/curl/issues/9451
+  Closes https://github.com/curl/curl/pull/9756
 
-- test1119: scan all public headers
+Viktor Szakats (18 Oct 2022)
 
-  Previously this test only scanned a subset of the headers, which made us
-  accidentally miss symbols that were provided in the others. Now, the script
-  iterates over all headers present in include/curl.
+- hostip: guard PF_INET6 use
 
-  Closes #9544
+  Some platforms (e.g. Amiga OS) do not have `PF_INET6`. Adjust the code
+  for these.
 
-Patrick Monnerat (21 Sep 2022)
+  ```
+  hostip.c: In function 'fetch_addr':
+  hostip.c:308:12: error: 'PF_INET6' undeclared (first use in this function)
+         pf = PF_INET6;
+              ^~~~~~~~
+  ```
 
-- examples/chkspeed: improve portability
+  Regression from 1902e8fc511078fb5e26fc2b907b4cce77e1240d
 
-  The example program chkspeed uses strncasecmp() which is not portable
-  across systems. Replace calls to this function by tests on characters.
+  Reviewed-by: Daniel Stenberg
 
-  Closes #9562
+  Closes #9760
 
-Daniel Stenberg (21 Sep 2022)
+- amiga: do not hardcode openssl/zlib into the os config [ci skip]
 
-- easy: fix the #include order
+  Enable them in `lib/makefile.amiga` and `src/makefile.amiga` instead.
 
-  The mentioned "last 3 includes" order should be respected. easy_lock.h should
-  be included before those three.
+  This allows builds without openssl and/or zlib. E.g. with the
+  <https://github.com/bebbo/amiga-gcc> cross-compiler.
 
-  Reported-by: Yuriy Chernyshov
-  Fixes #9560
-  Closes #9561
+  Reviewed-by: Daniel Stenberg
 
-- docs: spellfixes
+  Closes #9762
 
-  Pointed by the new CI job
+- amigaos: add missing curl header [ci skip]
 
-- GHA: spellcheck
+  Without it, `CURLcode` and `CURLE_*` are undefined. `lib/hostip.h` and
+  conditional local code need them.
 
-  This spellchecker checks markdown files. For this reason this job
-  converts all man pages in the repository to markdown with pandoc before
-  the check runs.
+  Reviewed-by: Daniel Stenberg
 
-  The perl script 'cleanspell' filters out details from the man page in
-  the process, to avoid the spellchecker trying to spellcheck things it
-  can't. Like curl specific symbols and the SYNOPSIS and EXAMPLE sections
-  of libcurl man pages.
+  Closes #9761
 
-  The spell checker does not check words in sections that are within pre,
-  strong and em tags.
+Daniel Stenberg (18 Oct 2022)
 
-  'spellcheck.words' is a custom word list with additional accepted words.
+- cmdline/docs: add a required 'multi' keyword for each option
 
-  Closes #9523
+  The keyword specifies how option works when specified multiple times:
 
-- connect: fix the wrong error message on connect failures
+   - single: the last provided value replaces the earlier ones
+   - append: it supports being provided multiple times
+   - boolean: on/off values
+   - mutex: flag-like option that disable anoter flag
 
-  The "Failed to connect to" message after a connection failure would
-  include the strerror message based on the presumed previous socket
-  error, but in times it seems that error number is not set when reaching
-  this code and therefore it would include the wrong error message.
+  The 'gen.pl' script then outputs the proper and unified language for
+  each option's multi-use behavior in the generated man page.
 
-  The strerror message is now removed from here and the curl_easy_strerror
-  error is used instead.
+  The multi: header is requires in each .d file and will cause build error
+  if missing or set to an unknown value.
 
-  Reported-by: Edoardo Lolletti
-  Fixes #9549
-  Closes #9554
+  Closes #9759
 
-- httpput-postfields.c: shorten string for C89 compliance
+- CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
 
-  httpput-postfields.c:41:3: error: string length ‘522’ is greater than the
-   length ‘509’ ISO C90 compilers are required to support [-Woverlength-str
-  ings]
-     41 |   "this chapter.";
-        |   ^~~~~~~~~~~~~~~
+  Closes #9757
 
-  Closes #9555
+- mprintf: reject two kinds of precision for the same argument
 
-- ws: fix a C89 compliance nit
+  An input like "%.*1$.9999d" would first use the precision taken as an
+  argument *and* then the precision specified in the string, which is
+  confusing and wrong. pass1 will now instead return error on this double
+  use.
 
-  Closes #9541
+  Adjusted unit test 1398 to verify
 
-Patrick Monnerat (21 Sep 2022)
+  Reported-by: Peter Goodman
 
-- unit test 1655: make it C89-compliant
+  Closes #9754
 
-  Initializations performed in unit test 1655 use automatic variables in
-  aggregates and thus can only be computed at run-time. Using gcc in C89
-  dialect mode produces warning messages like:
+- ftp: remove redundant if
 
-  unit1655.c:96:7: warning: initializer element is not computable at load time 
-  [-Wpedantic]
-     96 |     { toolong, DOH_DNS_NAME_TOO_LONG },  /* expect early failure */
-        |       ^~~~~~~
+  Reported-by: Trail of Bits
 
-  Fix the problem by converting these automatic pointer variables to
-  static arrays.
+  Closes #9753
 
-  Closes #9551
+- tool_operate: more transfer cleanup after parallel transfer fail
 
-Tobias Schaefer (20 Sep 2022)
+  In some circumstances when doing parallel transfers, the
+  single_transfer_cleanup() would not be called and then 'inglob' could
+  leak.
 
-- curl_strequal.3: fix typo
+  Test 496 verifies
 
-  Closes #9548
+  Reported-by: Trail of Bits
+  Closes #9749
 
-Dmitry Karpov (20 Sep 2022)
+- mqtt: spell out CONNECT in comments
 
-- resolve: make forced IPv4 resolve only use A queries
+  Instead of calling it 'CONN' in several comments, use the full and
+  correct protocol packet name.
 
-  This protects IPv4-only transfers from undesired bad IPv6-related side
-  effects and make IPv4 transfers in dual-stack libcurl behave the same
-  way as in IPv4 single-stack libcurl.
+  Suggested by Trail of Bits
 
-  Closes #9540
+  Closes #9751
 
-Daniel Stenberg (20 Sep 2022)
+- CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
 
-- RELEASE-NOTES: synced
+  Not the deprecated CURLOPT_HTTPPOST option.
 
-- winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
+  Also added two see-alsos.
 
-  Patched-by: Mark Itzcovitz
-  Bug: https://curl.se/mail/lib-2022-09/0038.html
+  Reported-by: Trail of Bits
+  Closes #9752
 
-  Closes #9536
+- RELEASE-NOTES: synced
 
-- TODO: Reduce CA certificate bundle reparsing
+Jay Satiro (17 Oct 2022)
 
-  By adding some sort of cache.
+- ngtcp2: Fix build errors due to changes in ngtcp2 library
 
-  Reported-by: Michael Drake
-  Closes #9379
-  Closes #9538
+  ngtcp2/ngtcp2@b0d86f60 changed:
 
-Marc Hoersken (19 Sep 2022)
+  - ngtcp2_conn_get_max_udp_payload_size =>
+    ngtcp2_conn_get_max_tx_udp_payload_size
 
-- CI/GHA: cancel outdated CI runs on new PR changes
+  - ngtcp2_conn_get_path_max_udp_payload_size =>
+    ngtcp2_conn_get_path_max_tx_udp_payload_size
 
-  Avoid letting outdated CI runs continue if a PR receives
-  new changes. Outside a PR we let them continue running
-  by tying the concurrency to the commit hash instead.
+  ngtcp2/ngtcp2@ec59b873 changed:
 
-  Also only let one CodeQL or Hacktoberfest job run at a time.
+  - 'early_data_rejected' member added to ng_callbacks.
 
-  Other CI platforms we use have this build in, but GitHub
-  unfortunately neither by default nor with a simple option.
+  Assisted-by: Daniel Stenberg
+  Reported-by: jurisuk@users.noreply.github.com
 
-  This saves CI resources and therefore a little energy.
+  Fixes https://github.com/curl/curl/issues/9747
+  Closes https://github.com/curl/curl/pull/9748
 
-  Approved-by: Daniel Stenberg
-  Approved-by: Max Dymond
-  Closes #9533
+Daniel Stenberg (16 Oct 2022)
 
-Daniel Stenberg (19 Sep 2022)
+- curl_path: return error if given a NULL homedir
 
-- docs: fix proselint complaints
+  Closes #9740
 
-- GHA: run proselint on markdown files
+- libssh: if sftp_init fails, don't get the sftp error code
 
-  Co-authored-by: Marc Hörsken
+  This flow extracted the wrong code (sftp code instead of ssh code), and
+  the code is sometimes (erroneously) returned as zero anyway, so skip
+  getting it and set a generic error.
 
-  Closes #9520
+  Reported-by: David McLaughlin
+  Fixes #9737
+  Closes #9740
 
-- lib: the number four in a sequence is the "fourth"
+- mqtt: return error for too long topic
 
-  Spelling is hard
+  Closes #9744
 
-  Closes #9535
+Rickard Hallerbäck (16 Oct 2022)
 
-John Bampton (19 Sep 2022)
+- tool_paramhlp: make the max argument a 'double'
 
-- misc: fix spelling in two source files
+  To fix compiler warnings "Implicit conversion from 'long' to 'double'
+  may lose precision"
 
-  Closes #9529
+  Closes #9700
 
-Viktor Szakats (18 Sep 2022)
+Philip Heiduck (15 Oct 2022)
 
-- windows: add .rc support to autotools builds
+- cirrus-ci: add more macOS builds with m1 based on x86_64 builds
 
-  After this update autotools builds will compile and link `.rc` resources
-  to Windows executables. Bringing this feature on par with CMake and
-  Makefile.m32 builds. And also making it unnecessary to improvise these
-  steps manually, while monkey patching build files, e.g. [0].
+  Also refactor macOS builds to use task matrix.
 
-  You can customize the resource compiler via the `RC` envvar, and its
-  options via `RCFLAGS`.
+  Assisted-by: Marc Hörsken
+  Closes #9565
 
-  This harmless warning may appear throughout the build, even though the
-  autotools manual documents [1] `RC` as a valid tag, and it fails when
-  omitting one:
-  `libtool:   error: ignoring unknown tag RC`
+Viktor Szakats (14 Oct 2022)
 
-  [0] https://github.com/curl/curl-for-win/blob/535f19060d4b708f72e75dd849409ce
-  50baa1b84/curl-autotools.sh#L376-L382
-  [1] https://www.gnu.org/software/libtool/manual/html_node/Tags.html
+- cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
 
-  Closes #9521
+  `lib/config-win32.h` enables this configuration option unconditionally.
+  Make it apply to CMake builds as well.
 
-Marc Hoersken (18 Sep 2022)
+  While here, delete a broken check for
+  `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` from `CMakeLists.txt`. This came with
+  the initial commit [1], but did not include the actual verification code
+  inside `CMake/CurlTests.c`, so it always failed. A later commit [2]
+  added a second test, for non-Windows platforms.
 
-- CI/linkcheck: only run if a Markdown file is changed
+  Enabling this flag causes test 1056 to fail with CMake builds, as they
+  do with autotools builds. Let's apply the same solution and ignore the
+  results here as well.
 
-  This saves CI resources and therefore a little energy.
+  [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
+  [2] aec7c5a87c8482b6ddffa352d7d220698652262e
 
-  Reviewed-by: Max Dymond
-  Closes #9531
+  Reviewed-by: Daniel Stenberg
+  Assisted-by: Marcel Raad
 
-- README.md: add GHA status badges for Linux and macOS builds
+  Closes #9726
 
-  This makes sense now that Linux builds are being consolidated.
+- cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
 
-  Approved-by: Daniel Stenberg
-  Closes #9530
+  autotools enables this configuration option unconditionally for Windows
+  [^1]. Do the same in CMake.
 
-  [skip ci]
+  The above will make this work for all reasonably recent environments.
+  The logic present in `lib/config-win32.h` [^2] has the following
+  exceptions which we did not cover in this CMake update:
 
-Daniel Stenberg (17 Sep 2022)
+  - Builds targeting Windows 2000 and earlier
+  - MS Visual C++ 5.0 (1997) and earlier
 
-- misc: null-terminate
+  Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
+  set, to avoid a broken build. We might want to handle that in the C
+  sources in a future commit.
 
-  Make use of this term consistently.
+  [^1]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a5
+  1f6/m4/curl-functions.m4#L2067-L2070
 
-  Closes #9527
+  [^2]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a5
+  1f6/lib/config-win32.h#L511-L528
 
-Marc Hoersken (17 Sep 2022)
+  Closes #9727
 
-- CI/GHA: merge intel CC and more TLS libs into linux workflow
+- cmake: sync HAVE_SIGNAL detection with autotools
 
-  Continue work on merging all Linux workflows into one file.
+  `HAVE_SIGNAL` means the availability of the `signal()` function in
+  autotools, while in CMake it meant the availability of that function
+  _and_ the symbol `SIGALRM`.
 
-  Reviewed-by: Max Dymond
-  Follow up to #9501
-  Closes #9514
+  The latter is not available on Windows, but the function is, which means
+  on Windows, autotools did define `HAVE_SIGNAL`, but CMake did not,
+  introducing a slight difference into the binaries.
 
-Patrick Monnerat (17 Sep 2022)
+  This patch syncs CMake behaviour with autotools to look for the function
+  only.
 
-- lib1597: make it C89-compliant again
+  The logic came with the initial commit adding CMake support to curl, so
+  the commit history doesn't reveal the reason behind it. In any case,
+  it's best to check the existence of `SIGALRM` directly in the source
+  before use. For now, curl builds fine with `HAVE_SIGNAL` enabled and
+  `SIGALRM` missing.
 
-  Automatic variable addresses cannot be used in an initialisation
-  aggregate.
+  Follow-up to 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6
 
-  Follow-up to 9d51329
+  Closes #9725
 
-  Reported-by: Daniel Stenberg
-  Fixes: #9524
-  Closes #9525
+- cmake: delete duplicate HAVE_GETADDRINFO test
 
-Daniel Stenberg (17 Sep 2022)
+  A custom `HAVE_GETADDRINFO` check came with the initial CMake commit
+  [1]. A later commit [2] added a standard check for it as well. The
+  standard check run before the custom one, so CMake ignored the latter.
 
-- tool_libinfo: silence "different 'const' qualifiers" in qsort()
+  The custom check was also non-portable, so this patch deletes it in
+  favor of the standard check.
 
-  MSVC 15.0.30729.1 warned about it
+  [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
+  [2] aec7c5a87c8482b6ddffa352d7d220698652262e
 
-  Follow-up to dd2a024323dcc
+  Closes #9731
 
-  Closes #9522
+Daniel Stenberg (14 Oct 2022)
 
-Patrick Monnerat (16 Sep 2022)
+- tool_formparse: unroll the NULL_CHECK and CONST_FREE macros
 
-- docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
+  To make the code read more obvious
 
-  Disabled protocols are now handled as if they were unknown.
-  Also update the possible protocol list.
+  Assisted-by: Jay Satiro
 
-- cli tool: do not use disabled protocols
+  Closes #9710
 
-  As they are now rejected by the library, take care of not passing
-  disabled protocol names to CURLOPT_PROTOCOLS_STR and
-  CURLOPT_REDIR_PROTOCOLS_STR.
+Christopher Sauer (14 Oct 2022)
 
-  Rather than using the CURLPROTO_* constants, dynamically assign protocol
-  numbers based on the order they are listed by curl_version_info().
+- docs/INSTALL: update Android Instructions for newer NDKs
 
-  New type proto_set_t implements prototype bit masks: it should therefore
-  be large enough to accomodate all library-enabled protocols. If not,
-  protocol numbers beyond the bit count of proto_set_t are recognized but
-  "inaccessible": when used, a warning is displayed and the value is
-  ignored. Should proto_set_t overflows, enabled protocols are reordered to
-  force those having a public CURLPROTO_* representation to be accessible.
+  Closes #9732
 
-  Code has been added to subordinate RTMP?* protocols to the presence of
-  RTMP in the enabled protocol list, being returned by curl_version_info()
-  or not.
+Daniel Stenberg (14 Oct 2022)
 
-- setopt: use the handler table for protocol name to number conversions
+- markdown-uppercase: ignore quoted sections
 
-  This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than
-  CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol name is not found.
+  Sections within the markdown ~~~ or ``` are now ignored.
 
-  A new schemelen parameter is added to Curl_builtin_scheme() to support
-  this extended use.
+  Closes #9733
 
-  Note that disabled protocols are not recognized anymore.
+- RELEASE-NOTES: synced
 
-  Tests adapted accordingly.
+- test8: update as cookies no longer can have "embedded" TABs in content
 
-  Closes #9472
+- test1105: extend to verify TAB in name/content discarding cookies
 
-Daniel Stenberg (16 Sep 2022)
+- cookie: reject cookie names or content with TAB characters
 
-- altsvc: use 'h3' for h3
+  TABs in name and content seem allowed by RFC 6265: "the algorithm strips
+  leading and trailing whitespace from the cookie name and value (but
+  maintains internal whitespace)"
 
-  Since the official and real version has been out for a while now and servers
-  are deployed out there using it, there is no point in sticking to h3-29.
+  Cookies with TABs in the names are rejected by Firefox and Chrome.
 
-  Reported-by: ウさん
-  Fixes #9515
-  Closes #9516
+  TABs in content are stripped out by Firefox, while Chrome discards the
+  whole cookie.
 
-chemodax (16 Sep 2022)
+  TABs in cookies also cause issues in saved netscape cookie files.
 
-- winbuild: Use NMake batch-rules for compilation
+  Reported-by: Trail of Bits
 
-  - Invoke cl compiler once for each group of .c files.
+  URL: https://curl.se/mail/lib-2022-10/0032.html
+  URL: https://github.com/httpwg/http-extensions/issues/2262
 
-  This is significantly improves compilation time. For example in my
-  environment: 40 s --> 20 s.
+  Closes #9659
 
-  Prior to this change cl was invoked per .c file.
+- curl/add_parallel_transfers: better error handling
 
-  Closes https://github.com/curl/curl/pull/9512
+  1 - consider the transfer handled at once when in the function, to avoid
+      the same list entry to get added more than once in rare error
+      situations
 
-Daniel Stenberg (16 Sep 2022)
+  2 - set the ERRORBUFFER for the handle first after it has been added
+      successfully
 
-- ws: the infof() flags should be %zu
+  Reported-by: Trail of Bits
 
-  Follow-up to e5e9e0c5e49ae0
+  Closes #9729
 
-  Closes #9518
+- netrc: remove the two 'changed' arguments
 
-- curl: warn for --ssl use, considered insecure
+  As no user of these functions used the returned content.
 
-  Closes #9519
+- test495: verify URL encoded user name + netrc-optional
 
-Sergey Bronnikov (16 Sep 2022)
+  Reproduced issue #9709
 
-- curl_escape.3: fix typo
+- netrc: use the URL-decoded user
 
-  lengthf -> length
+  When the user name is provided in the URL it is URL encoded there, but
+  when used for authentication the encoded version should be used.
 
-  Closes #9517
+  Regression introduced after 7.83.0
 
-Daniel Stenberg (16 Sep 2022)
+  Reported-by: Jonas Haag
+  Fixes #9709
+  Closes #9715
 
-- mailmap: merge Philip Heiduck's two addresses into one
+Shaun Mirani (13 Oct 2022)
 
-- test1948: verify PUT + POST reusing the same handle
+- url: allow non-HTTPS HSTS-matching for debug builds
 
-  Reproduced #9507, verifies the fix
+  Closes #9728
 
-- setopt: when POST is set, reset the 'upload' field
+Daniel Stenberg (13 Oct 2022)
 
-  Reported-by: RobBotic1 on github
-  Fixes #9507
-  Closes #9511
+- test1275: remove the check of stderr
 
-Marc Hoersken (15 Sep 2022)
+  To avoid the mysterious test failures on Windows, instead rely on the
+  error code returned on failure.
 
-- github: initial CODEOWNERS setup for CI configuration
+  Fixes #9716
+  Closes #9723
 
-  Reviewed-by: Daniel Stenberg
-  Reviewed-by: Marcel Raad
-  Reviewed-by: Max Dymond
+Viktor Szakats (13 Oct 2022)
 
-  Closes #9505
+- lib: set more flags in config-win32.h
 
-  [skip ci]
+  The goal is to add any flag that affect the created binary, to get in
+  sync with the ones built with CMake and autotools.
 
-Philip Heiduck (15 Sep 2022)
+  I took these flags from curl-for-win [0], where they've been tested with
+  mingw-w64 and proven to work well.
 
-- CI: optimize some more dependencies install
+  This patch brings them to curl as follows:
 
-  Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
+  - Enable unconditionally those force-enabled via
+    `CMake/WindowsCache.cmake`:
 
-  Closes #9500
+    - `HAVE_SETJMP_H`
+    - `HAVE_STRING_H`
+    - `HAVE_SIGNAL` (CMake equivalent is `HAVE_SIGNAL_FUNC`)
 
-Marc Hoersken (15 Sep 2022)
+  - Expand existing guards with mingw-w64:
 
-- CI/GHA: merge event-based and NSS into new linux workflow
+    - `HAVE_STDBOOL_H`
+    - `HAVE_BOOL_T`
 
-  Continue work on merging all Linux workflows into one file.
+  - Enable Win32 API functions for Windows Vista and later:
 
-  Follow up to #9501
-  Closes #9506
+    - `HAVE_INET_NTOP`
+    - `HAVE_INET_PTON`
 
-Daniel Stenberg (15 Sep 2022)
+  - Set sizes, if not already set:
 
-- include/curl/websockets.h: add extern "C" for C++
+    - `SIZEOF_OFF_T = 8`
+    - `_FILE_OFFSET_BITS = 64` when `USE_WIN32_LARGE_FILES` is set,
+      and using mingw-w64.
 
-  Reported-by: n0name321 on github
-  Fixes #9509
-  Closes #9510
+  - Add the remaining for mingw-w64 only. Feel free to expand as desired:
 
-- lib1560: extended to verify detect/reject of unknown schemes
+    - `HAVE_LIBGEN_H`
+    - `HAVE_FTRUNCATE`
+    - `HAVE_BASENAME`
+    - `HAVE_STRTOK_R`
 
-  ... when no guessing is allowed.
+  Future TODO:
 
-- urlapi: detect scheme better when not guessing
+  - `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
+    the `signal()` function and the `SIGALRM` macro are found. In
+    autotools and this header, it means the function only. For the
+    function alone, CMake uses `HAVE_SIGNAL_FUNC`.
 
-  When the parser is not allowed to guess scheme, it should consider the
-  word ending at the first colon to be the scheme, independently of number
-  of slashes.
+  [0] https://github.com/curl/curl-for-win/blob/c9b9a5f273c94c73d2b565ee892c4df
+  f0ca97a8c/curl-m32.sh#L53-L58
 
-  The parser now checks that the scheme is known before it counts slashes,
-  to improve the error messge for URLs with unknown schemes and maybe no
-  slashes.
+  Reviewed-by: Daniel Stenberg
 
-  When following redirects, no scheme guessing is allowed and therefore
-  this change effectively prevents redirects to unknown schemes such as
-  "data".
+  Closes #9712
 
-  Fixes #9503
+Daniel Stenberg (13 Oct 2022)
 
-- strerror: improve two URL API error messages
+- tests: add tests/markdown-uppercase.pl to dist tarball
 
-Marc Hoersken (14 Sep 2022)
+  Follow-up to aafb06c5928183d
 
-- CI/GHA: merge bearssl and hyper into initial linux workflow
+  Closes #9722
 
-  Begin work on merging all Linux workflows into one file.
+- tool_paramhelp: asserts verify maximum sizes for string loading
 
-  Closes #9501
+  The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
+  strings accepted when loading files into memory, but as the size is
+  later used as input to functions that take the size as 'int' as
+  argument, the sizes must not be larger than INT_MAX.
 
-Daniel Stenberg (14 Sep 2022)
+  These two new assert()s make the code error out if someone would bump
+  the sizes without this consideration.
 
-- RELEASE-NOTES: synced
+  Reported-by Trail of Bits
 
-- cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
+  Closes #9719
 
-  Since the config file might also get included by the tool code at times.
-  This syncs with how other builds do it.
+- http: try parsing Retry-After: as a number first
 
-  Closes #9498
+  Since the date parser allows YYYYMMDD as a date format (due to it being
+  a bit too generic for parsing this particular header), a large integer
+  number could wrongly match that pattern and cause the parser to generate
+  a wrong value.
 
-- tool_hugehelp: make hugehelp a blank macro when disabled
+  No date format accepted for this header starts with a decimal number, so
+  by reversing the check and trying a number first we can deduct that if
+  that works, it was not a date.
 
-  Closes #9485
+  Reported-by Trail of Bits
 
-- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
+  Closes #9718
 
-  ... to improve the output in this situation. Now it doesn't say "option
-  unknown" anymore.
+Patrick Monnerat (13 Oct 2022)
 
-  Closes #9485
+- doc: fix deprecation versions inconsistencies
 
-- setopt: fix compiler warning
+  Ref: https://curl.se/mail/lib-2022-10/0026.html
 
-  Follow-up to cd5ca80f00d2
+  Closes #9711
 
-  closes #9502
+Daniel Stenberg (13 Oct 2022)
 
-Philip Heiduck (13 Sep 2022)
+- http_aws_sigv4: fix strlen() check
 
-- CI: skip make, do make install at once for dependencies
+  The check was off-by-one leading to buffer overflow.
 
-  Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
+  Follow-up to 29c4aa00a16872
 
-  Closes #9477
+  Detected by OSS-Fuzz
 
-Daniel Stenberg (13 Sep 2022)
+  Closes #9714
 
-- formdata: typecast the va_arg return value
+- curl/main_checkfds: check the fcntl return code better
 
-  To avoid "enumerated type mixed with another type" warnings
+  fcntl() can (in theory) return a non-zero number for success, so a
+  better test for error is checking for -1 explicitly.
 
-  Follow-up from 0f52dd5fd5aa3592691a
+  Follow-up to 41e1b30ea1b77e9ff
 
-  Closes #9499
+  Mentioned-by: Dominik Klemba
 
-- RELEASE-PROCEDURE.md: mention patch releases
+  Closes #9708
 
-  - When to make them and how to argue for them
-  - Refreshed the release date list
+Viktor Szakats (12 Oct 2022)
 
-  Closes #9495
+- tidy-up: delete unused HAVE_STRUCT_POLLFD
 
-- urldata: use a curl_prot_t type for storing protocol bits
+  It was only defined in `lib/config-win32.h`, when building for Vista.
 
-  This internal-use-only storage type can be bumped to a curl_off_t once
-  we need to use bit 32 as the previous 'unsigned int' can no longer hold
-  them all then.
+  It was only used in `select.h`, in a condition that also included a
+  check for `POLLIN` which is a superior choice for this detection and
+  which was already used by cmake and autotools builds.
 
-  The websocket protocols take bit 30 and 31 so they are the last ones
-  that fit within 32 bits - but cannot properly be exported through APIs
-  since those use *signed* 32 bit types (long) in places.
+  Delete both instances of this macro.
 
-  Closes #9481
+  Closes #9707
 
-zhanghu on xiaomi (13 Sep 2022)
+Daniel Stenberg (12 Oct 2022)
 
-- formdata: fix warning: 'CURLformoption' is promoted to 'int'
+- test1275: verify upercase after period in markdown
 
-  curl/lib/formdata.c: In function 'FormAdd':
-  curl/lib/formdata.c:249:31: warning: 'CURLformoption' is promoted to 'int' wh
-  en passed through '...'
-    249 |       option = va_arg(params, CURLformoption);
-        |                               ^
-  curl/lib/formdata.c:249:31: note: (so you should pass 'int' not 'CURLformopti
-  on' to 'va_arg')
-  curl/lib/formdata.c:249:31: note: if this code is reached, the program will a
-  bort
+  Script based on the #9474 pull-request logic, but implemented in perl.
 
-  Closes #9484
+  Updated docs/URL-SYNTAX.md accordingly.
 
-Daniel Stenberg (13 Sep 2022)
+  Suggested-by: Dan Fandrich
 
-- CURLOPT_CONNECT_ONLY.3: for ws(s) as well
+  Closes #9697
 
-  and correct the version number for when that support comes. Even if it
-  is still experimental for WebSocket.
+12932 (12 Oct 2022)
 
-  Closes #9487
+- misc: nitpick grammar in comments/docs
 
-- tool_operate: avoid a few #ifdefs for disabled-libcurl builds
+  because the 'u' in URL is actually a consonant *sound* it is only
+  correct to write "a URL"
 
-  By providing empty macros in the header file instead, the code gets
-  easier to read and yet is disabled on demand.
+  sorry this is a bit nitpicky :P
 
-  Closes #9486
+  https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an
+  https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL
 
-a1346054 on github (13 Sep 2022)
+  Closes #9699
 
-- scripts: use `grep -E` instead of `egrep`
+Viktor Szakats (11 Oct 2022)
 
-  egrep is deprecated
+- Makefile.m32: drop CROSSPREFIX and our CC/AR defaults [ci skip]
 
-  Closes #9491
+  This patch aimed to fix a regression [0], where `CC` initialization
+  moved beyond its first use. But, on closer inspection it turned out that
+  the `CC` initialization does not work as expected due to GNU Make
+  filling it with `cc` by default. So unless implicit values were
+  explicitly disabled via a GNU Make option, the default value of
+  `$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
+  value `cc` maps to `gcc` in (most/all?) MinGW envs.
 
-Hayden Roche (13 Sep 2022)
+  `AR` has the same issue, with a default value of `ar`.
 
-- wolfSSL: fix session management bug.
+  We could reintroduce a separate variable to fix this without ill
+  effects, but for simplicity and flexibility, it seems better to drop
+  support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
+  require the caller to initialize `CC`, `AR` and `RC` to the full
+  (prefixed if necessary) names of these tools, as desired.
 
-  Prior to this commit, non-persistent pointers were being used to store
-  sessions.  When a WOLFSSL object was then freed, that freed the session
-  it owned, and thus invalidated the pointer held in curl's cache. This
-  commit makes it so we get a persistent (deep copied) session pointer
-  that we then add to the cache.  Accordingly, wolfssl_session_free, which
-  was previously a no-op, now needs to actually call SSL_SESSION_free.
+  We keep `RC ?= windres` because `RC` is empty by default.
 
-  This bug was discovered by a wolfSSL customer.
+  Also fix grammar in a comment.
 
-  Closes #9492
+  [0] 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
 
-Daniel Stenberg (13 Sep 2022)
+  Closes #9698
 
-- docs: use "WebSocket" in singular
+- smb: replace CURL_WIN32 with WIN32
 
-  This is how the RFC calls the protocol. Also rename the file in docs/ to
-  WEBSOCKET.md in uppercase to match how we have done it for many other
-  protocol docs in similar fashion.
+  PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
+  `CURL_WIN32` macro, but that one is not defined here, while compiling
+  curl itself. This patch changes this to `WIN32`, assuming this was the
+  original intent.
 
-  Add the WebSocket docs to the tarball.
+  Regression from 1c52e8a3795ccdf8ec9c308f4f8f19cf10ea1f1a
 
-  Closes #9496
+  Reviewed-by: Marcel Raad
 
-Marcel Raad (12 Sep 2022)
+  Closes #9701
 
-- ws: fix build without `USE_WEBSOCKETS`
+Matthias Gatto (11 Oct 2022)
 
-  The curl.h include is required unconditionally.
+- aws_sigv4: fix header computation
 
-- ws: add missing curl.h include
+  Handle canonical headers and signed headers creation as explained here:
+  https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.
+  html
 
-  A conflict between commits 664249d0952 and e5839f4ee70 broke the build.
+  The algo tells that signed and canonical must contain at last host and
+  x-amz-date.
 
-Daniel Stenberg (12 Sep 2022)
+  So we check whatever thoses are present in the curl http headers list.
+  If they are, we use the one enter by curl user, otherwise we generate
+  them.  then we to lower, and remove space from each http headers plus
+  host and x-amz-date, then sort them all by alphabetical order.
 
-- ws: fix an infof() call to use %uz for size_t output
+  This patch also fix a bug with host header, which was ignoring the port.
 
-  Detected by Coverity, CID 1514665.
+  Closes #7966
 
-  Closes #9480
+Aftab Alam (11 Oct 2022)
 
-Marcel Raad (12 Sep 2022)
+- README.md: link the curl logo to the website
 
-- curl_setup: include only system.h instead of curl.h
+  - Link the curl:// image to https://curl.se/
 
-  As done before commit 9506d01ee50.
+  Closes https://github.com/curl/curl/pull/9675
 
-  Ref: https://github.com/curl/curl/pull/9375#discussion_r957010158
-  Closes https://github.com/curl/curl/pull/9453
+Dustin Howett (11 Oct 2022)
 
-- lib: add missing limits.h includes
+- schannel: when importing PFX, disable key persistence
 
-  Closes https://github.com/curl/curl/pull/9453
+  By default, the PFXImportCertStore API persists the key in the user's
+  key store (as though the certificate was being imported for permanent,
+  ongoing use.)
 
-- lib and tests: add missing curl.h includes
+  The documentation specifies that keys that are not to be persisted
+  should be imported with the flag PKCS12_NO_PERSIST_KEY.
+  NOTE: this flag is only supported on versions of Windows newer than XP
+  and Server 2003.
 
-  Closes https://github.com/curl/curl/pull/9453
+  --
 
-- curl_setup: include curl.h after platform setup headers
+  This is take 2 of the original fix. It extends the lifetime of the
+  client certificate store to that of the credential handle. The original
+  fix which landed in 70d010d and was later reverted in aec8d30 failed to
+  work properly because it did not do that.
 
-  The platform setup headers might set definitions required for the
-  includes in curl.h.
+  Minor changes were made to the schannel credential context to support
+  closing the client certificate store handle at the end of an SSL session.
 
-  Ref: https://github.com/curl/curl/pull/9375#discussion_r956998269
-  Closes https://github.com/curl/curl/pull/9453
+  --
 
-Benjamin Loison (12 Sep 2022)
+  Reported-by: ShadowZzj@users.noreply.github.com
 
-- docs: correct missing uppercase in Markdown files
+  Fixes https://github.com/curl/curl/issues/9300
+  Supersedes https://github.com/curl/curl/pull/9363
+  Closes https://github.com/curl/curl/pull/9460
 
-  To detect these typos I used:
+Viktor Szakats (11 Oct 2022)
 
-  ```
-  clear && grep -rn '\. [a-z]' . | uniq | grep -v '\. lib' | grep -v '[0-9]\. [
-  a-z]' | grep -v '\.\. [a-z]' | grep -v '\. curl' | grep -v 'e.g. [a-z]' | gre
-  p -v 'eg. [a-z]' | grep -v '\etc. [a-z]' | grep -v 'i.e\. [a-z]' | grep --col
-  or=always '\. [a-z]' | grep '\.md'
-  ```
+- Makefile.m32: support more options [ci skip]
 
-  Closes #9474
+  - Add support for these options:
+    `-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl`
 
-Daniel Stenberg (12 Sep 2022)
+    Caveats:
+    - `-wolfssh` requires `-wolfssl`.
+    - `-wolfssl` cannot be used with OpenSSL backends in parallel.
+    - `-libssh` has build issues with BoringSSL and LibreSSL, and also
+       what looks like a world-writable-config vulnerability on Windows.
+       Consider it experimental.
+    - `-psl` requires `-idn2` and extra libs passed via
+      `LIBS=-liconv -lunistring`.
 
-- tool_setopt: use better English in --libcurl source comments
+  - Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly.
+  - Generalize MultiSSL detection.
+  - Use else-if syntax. Requires GNU Make 3.81 (2006-04-01).
+  - Document more customization options.
 
-  Like this:
+  This brings over some configuration logic from `curl-for-win`.
 
-    XYZ was set to an object pointer
-    ABC was set to a function pointer
+  Closes #9680
 
-  Closes #9475
+- cmake: enable more detection on Windows
 
-- setopt: make protocol2num use a curl_off_t for the protocol bit
+  Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection
+  on Windows, instead of having predefined values.
 
-  ... since WSS does not fit within 32 bit.
+  With these features detected correctly, CMake Windows builds get closer
+  to the autotools and `config-win32.h` ones.
 
-  Bug: https://github.com/curl/curl/pull/9467#issuecomment-1243014887
-  Closes #9476
+  This also fixes detecting `HAVE_FTRUNCATE` correctly, which required
+  `unistd.h`.
 
-- RELEASE-NOTES: synced
+  Fixing `ftruncate()` in turn causes a build warning/error with legacy
+  MinGW/MSYS1 due to an offset type size mismatch. This env misses to
+  detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch
+  force-disables `HAVE_FTRUNCATE` for this platform.
 
-- configure: polish the grep -E message a bit further
+  Reviewed-by: Daniel Stenberg
 
-  Suggested-by: Emanuele Torre
-  Closes #9473
+  Closes #9687
 
-- GHA: add a gcc-11 -O3 build using OpenSSL
+- autotools: allow unix sockets on Windows
 
-  Since -O3 might trigger other warnings
+  Fixes: https://github.com/curl/curl-for-win/blob/73a070d96fd906fdee929e2f1f00
+  a9149fb39239/curl-autotools.sh#L44-L47
 
-  Closes #9454
+  On Windows this feature is present, but not the header used in the
+  detection logic. It also requires an elaborate enabler logic
+  (as seen in `lib/curl_setup.h`). Let's always allow it and let the
+  lib code deal with the details.
 
-Patrick Monnerat (11 Sep 2022)
+  Closes #9688
 
-- content_encoding: use writer struct subclasses for different encodings
+- cmake: add missing inet_ntop check
 
-  The variable-sized encoding-specific storage of a struct contenc_writer
-  currently relies on void * alignment that may be insufficient with
-  regards to the specific storage fields, although having not caused any
-  problems yet.
+  This adds the missing half of the check, next to the other half
+  already present in `lib/curl_config.h.cmake`.
 
-  In addition, gcc 11.3 issues a warning on access to fields of partially
-  allocated structures that can occur when the specific storage size is 0:
+  Force disable `HAVE_INET_NTOP` for old MSVC where it caused compiler
+  warnings.
 
-    content_encoding.c: In function ‘Curl_build_unencoding_stack’:
-    content_encoding.c:980:21: warning: array subscript ‘struct contenc_write
-  r[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Warray-bo
-  unds]
-      980 |     writer->handler = handler;
-          |     ~~~~~~~~~~~~~~~~^~~~~~~~~
-    In file included from content_encoding.c:49:
-    memdebug.h:115:29: note: referencing an object of size 16 allocated by ‘c
-  url_dbg_calloc’
-      115 | #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__,
-   __FILE__)
-          |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  ~~~~~~~~~~
-    content_encoding.c:977:60: note: in expansion of macro ‘calloc’
-      977 |   struct contenc_writer *writer = (struct contenc_writer *)calloc(1
-  , sz);
+  Reviewed-by: Daniel Stenberg
 
-  To solve both these problems, the current commit replaces the
-  contenc_writer/params structure pairs by "subclasses" of struct
-  contenc_writer. These are structures that contain a contenc_writer at
-  offset 0. Proper field alignment is therefore handled by the compiler and
-  full structure allocation is performed, silencing the warnings.
+  Closes #9689
 
-  Closes #9455
+Daniel Stenberg (11 Oct 2022)
 
-Daniel Stenberg (11 Sep 2022)
+- RELEASE-NOTES: synced
 
-- configure: correct the wording when checking grep -E
+bsergean on github (11 Oct 2022)
 
-  The check first checks that grep -E works, and only as a fallback tries
-  to find and use egrep. egrep is deprecated.
+- asyn-ares: set hint flags when calling ares_getaddrinfo
 
-  This change only corrects the output wording, not the checks themselves.
+  The hint flag is ARES_AI_NUMERICSERV, and it will save a call to
+  getservbyname or getservbyname_r to set it.
 
-  Closes #9471
+  Closes #9694
 
-Viktor Szakats (10 Sep 2022)
+Daniel Stenberg (11 Oct 2022)
 
-- websockets: sync prototypes in docs with implementation [ci skip]
+- header.d: add category smtp and imap
 
-  Docs for the new send/recv functions synced with the committed versions
-  of these.
+  They were previously (erroneously) added manually to tool_listhelp.c
+  which would make them get removed again when the file is updated next
+  time, unless added correctly here in header.d
 
-  Closes #9470
+  Follow-up to 2437fac01
 
-Daniel Stenberg (10 Sep 2022)
+  Closes #9690
 
-- setopt: make protocols2num() work with websockets
+- curl/get_url_file_name: use libcurl URL parser
 
-  So that CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR can
-  specify those as well.
+  To avoid URL tricks, use the URL parser for this.
 
-  Reported-by: Patrick Monnerat
-  Bug: https://curl.se/mail/lib-2022-09/0016.html
-  Closes #9467
+  This update changes curl's behavior slightly in that it will ignore the
+  possible query part from the URL and only use the file name from the
+  actual path from the URL. I consider it a bugfix.
 
-- curl/websockets.h: remove leftover bad typedef
+  "curl -O localhost/name?giveme-giveme" will now save the output in the
+  local file named 'name'
 
-  Just a leftover trace of a development thing that did not stay like
-  that.
+  Updated test 1210 to verify
 
-  Reported-by: Marc Hörsken
-  Fixes #9465
-  Cloes #9466
+  Assisted-by: Jay Satiro
 
-Orgad Shaneh (10 Sep 2022)
+  Closes #9684
 
-- fix Cygwin/MSYS compilation
+Martin Ågren (11 Oct 2022)
 
-  _getpid is Windows API. On Cygwin variants it should remain getpid.
+- docs: fix grammar around needing pass phrase
 
-  Fixes #8220
-  Closes #9255
+  "You never needed a pass phrase" reads like it's about to be followed by
+  something like "until version so-and-so", but that is not what is
+  intended. Change to "You never need a pass phrase". There are two
+  instances of this text, so make sure to update both.
 
-Marc Hoersken (10 Sep 2022)
+Xiang Xiao (10 Oct 2022)
 
-- GHA: prepare workflow merge by aligning structure again
+- cmake: add the check of HAVE_SOCKETPAIR
 
-  Closes #9413
+  which is used by Curl_socketpair
 
-Daniel Stenberg (9 Sep 2022)
+  Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
 
-- docs: the websockets symbols are added in 7.86.0
+  Closes #9686
 
-  Nothing else
+Daniel Stenberg (10 Oct 2022)
 
-  Closes #9459
+- curl/add_file_name_to_url: use the libcurl URL parser
 
-- tests/libtest/Makefile.inc: fixup merge conflict mistake
+  instead of the custom error-prone parser, to extract and update the path
+  of the given URL
 
-- EXPERIMENTAL.md: add WebSockets
+  Closes #9683
 
-- appveyor: enable websockets
+- single_transfer: use the libcurl URL parser when appending query parts
 
-- cirrus: enable websockets in the windows builds
+  Instead of doing "manual" error-prone parsing in another place.
 
-- GHA: add websockets to macos, openssl3 and hyper builds
+  Used when --data contents is added to the URL query when -G is provided.
 
-- tests: add websockets tests
+  Closes #9681
 
-   - add websockets support to sws
-   - 2300: first very basic websockets test
-   - 2301: first libcurl test for ws (not working yet)
-   - 2302: use the ws callback
-   - 2303: test refused upgrade
+- ws: fix buffer pointer use in the callback loop
 
-- curl_ws_meta: initial implementation
+  Closes #9678
 
-- curl_ws_meta.3: added docs
+Petr Štetiar (10 Oct 2022)
 
-- ws: initial websockets support
+- curl-wolfssl.m4: error out if wolfSSL is not usable
 
-  Closes #8995
+  When I explicitly declare, that I would like to have curl built with
+  wolfSSL support using `--with-wolfssl` configure option, then I would
+  expect, that either I endup with curl having that support, for example
+  in form of https support or it wouldn't be available at all.
 
-- version: add ws + wss
+  Downstream projects like for example OpenWrt build curl wolfSSL variant
+  with `--with-wolfssl` already, but in certain corner cases it does fail:
 
-- libtest/lib1560: test basic websocket URL parsing
+    configure:25299: checking for wolfSSL_Init in -lwolfssl
+    configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
+    In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.
+  h:33,
+                     from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_
+  public.h:35,
+                    from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
+                     from conftest.c:47:
+    target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal err
+  or: wolfssl/wolfcrypt/sp_int.h: No such file or directory
+         #include <wolfssl/wolfcrypt/sp_int.h>
+                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    compilation terminated.
 
-- configure: add --enable-websockets
+  and in the end thus produces curl without https support:
 
-- docs/WebSockets.md: docs
+   curl: (1) Protocol "https" not supported or disabled in libcurl
 
-- test415: verify Content-Length parser with control code + negative value
+  So fix it, by making the working wolfSSL mandatory and error out in
+  configure step when that's not the case:
 
-- strtoofft: after space, there cannot be a control code
+   checking for wolfSSL_Init in -lwolfssl... no
+   configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
 
-  With the change from ISSPACE() to ISBLANK() this function no longer
-  deals with (ignores) control codes the same way, which could lead to
-  this function returning unexpected values like in the case of
-  "Content-Length: \r-12354".
+  References: https://github.com/openwrt/packages/issues/19005
+  References: https://github.com/openwrt/packages/issues/19547
+  Signed-off-by: Petr Štetiar <ynezz@true.cz>
 
-  Follow-up to 6f9fb7ec2d7cb389a0da5
+  Closes #9682
 
-  Detected by OSS-fuzz
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
-  Assisted-by: Max Dymond
-  Closes #9458
+Daniel Stenberg (10 Oct 2022)
 
-- headers: reset the requests counter at transfer start
+- tool_getparam: pass in the snprintf("%.*s") string length as 'int'
 
-  If not, reusing an easy handle to do a subsequent transfer would
-  continue the counter from the previous invoke, which then would make use
-  of the header API difficult/impossible as the request counter
-  mismatched.
+  Reported by Coverity CID 1515928
 
-  Add libtest 1947 to verify.
+  Closes #9679
 
-  Reported-by: Andrew Lambert
-  Fixes #9424
-  Closes #9447
+Paul Seligman (9 Oct 2022)
 
-Jay Satiro (8 Sep 2022)
+- ws: minor fixes for web sockets without the CONNECT_ONLY flag
+
+  - Fixed an issue where is_in_callback was getting cleared when using web
+    sockets with debug logging enabled
+  - Ensure the handle is is_in_callback when calling out to fwrite_func
+  - Change the write vs. send_data decision to whether or not the handle
+    is in CONNECT_ONLY mode.
+  - Account for buflen not including the header length in curl_ws_send
 
-- header: define public API functions as extern c
+  Closes #9665
 
-  Prior to this change linker errors would occur if curl_easy_header or
-  curl_easy_nextheader was called from a C++ unit.
+Marc Hoersken (8 Oct 2022)
 
-  Bug: https://github.com/curl/curl/issues/9424#issuecomment-1238818007
-  Reported-by: Andrew Lambert
+- CI/cirrus: merge existing macOS jobs into a job matrix
 
-  Closes https://github.com/curl/curl/pull/9446
+  Ref: #9627
+  Reviewed-by: Philip H.
 
-Daniel Stenberg (8 Sep 2022)
+  Closes #9672
 
-- http2: make nghttp2 less picky about field whitespace
+Daniel Stenberg (8 Oct 2022)
 
-  In nghttp2 1.49.0 it returns error on leading and trailing whitespace in
-  header fields according to language in the recently shipped RFC 9113.
+- strcase: add and use Curl_timestrcmp
 
-  nghttp2 1.50.0 introduces an option to switch off this strict check and
-  this change enables this option by default which should make curl behave
-  more similar to how it did with nghttp2 1.48.0 and earlier.
+  This is a strcmp() alternative function for comparing "secrets",
+  designed to take the same time no matter the content to not leak
+  match/non-match info to observers based on how fast it is.
 
-  We might want to consider making this an option in the future.
+  The time this function takes is only a function of the shortest input
+  string.
 
-  Closes #9448
+  Reported-by: Trail of Bits
 
-- RELEASE-NOTES: synced
+  Closes #9658
 
-  And bump to 7.86.0 for the pending next release
+- tool_getparam: split out data_urlencode() into its own function
 
-Michael Heimpold (7 Sep 2022)
+  Closes #9673
 
-- ftp: ignore a 550 response to MDTM
+- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
 
-  The 550 is overused as a return code for multiple error case, e.g.
-  file not found and/or insufficient permissions to access the file.
+  Reported-by: Vasiliy Ulyanov
+  Fixes #9664
+  Closes #9670
 
-  So we cannot fail hard in this case.
+- ws: fix Coverity complaints
 
-  Adjust test 511 since we now fail later.
-  Add new test 3027 which check that when MDTM failed, but the file could
-  actually be retrieved, that in this case no filetime is provided.
+  Coverity pointed out several flaws where variables remained
+  uninitialized after forks.
 
-  Reported-by: Michael Heimpold
-  Fixes #9357
-  Closes #9387
+  Follow-up to e3f335148adc6742728f
 
-Daniel Stenberg (7 Sep 2022)
+  Closes #9666
 
-- urlapi: leaner with fewer allocs
+Marc Hoersken (7 Oct 2022)
 
-  Slightly faster with more robust code. Uses fewer and smaller mallocs.
+- CI/GHA: merge msh3 and openssl3 builds into linux workflow
 
-  - remove two fields from the URL handle struct
-  - reduce copies and allocs
-  - use dynbuf buffers more instead of custom malloc + copies
-  - uses dynbuf to build the host name in reduces serial alloc+free within
-    the same function.
-  - move dedotdotify into urlapi.c and make it static, not strdup the input
-    and optimize it by checking for . and / before using strncmp
-  - remove a few strlen() calls
-  - add Curl_dyn_setlen() that can "trim" an existing dynbuf
+  Continue work on merging all Linux workflows into one file.
 
-  Closes #9408
+  Follow up to #9501
+  Closes #9646
 
-Jay Satiro (7 Sep 2022)
+Daniel Stenberg (7 Oct 2022)
 
-- setup-win32: no longer define UNICODE/_UNICODE implicitly
+- curl_ws_send.3: call the argument 'fragsize'
 
-  - If UNICODE or _UNICODE is defined but the other isn't then error
-    instead of implicitly defining it.
+  Since WebSocket works with "fragments" not "frames"
 
-  As Marcel pointed out it is too late at this point to make such a define
-  because Windows headers may already be included, so likely it never
-  worked. We never noticed because build systems that can make Windows
-  Unicode builds always define both. If one is defined but not the other
-  then something went wrong during the build configuration.
+  Closes #9668
 
-  Bug: https://github.com/curl/curl/pull/9375#discussion_r956545272
-  Reported-by: Marcel Raad
+- easy: avoid Intel error #2312: pointer cast involving 64-bit pointed-to type
 
-  Closes https://github.com/curl/curl/pull/9384
+  Follow-up to e3f335148adc6742728ff8
 
-Dan Fandrich (6 Sep 2022)
+  Closes #9669
 
-- tests: fix tag syntax errors in test files
+- tool_main: exit at once if out of file descriptors
 
-Marc Hoersken (6 Sep 2022)
+  If the main_checkfds function cannot create new file descriptors in an
+  attempt to detect of stdin, stdout or stderr are closed.
 
-- lib: add required Win32 setup definitions in setup-win32.h
+  Also changed the check to use fcntl() to check if the descriptors are
+  open, which avoids superfluously calling pipe() if they all already are.
 
-  Assisted-by: Jay Satiro
-  Reviewed-by: Marcel Raad
+  Follow-up to facfa19cdd4d0094
 
-  Follow up to #9312
-  Closes #9375
+  Reported-by: Trail of Bits
 
-Daniel Stenberg (6 Sep 2022)
+  Closes #9663
 
-- pingpong: extend the response reading error with errno
+- websockets: remodeled API to support 63 bit frame sizes
 
-  To help diagnosing the cause of the problem.
+  curl_ws_recv() now receives data to fill up the provided buffer, but can
+  return a partial fragment. The function now also get a pointer to a
+  curl_ws_frame struct with metadata that also mentions the offset and
+  total size of the fragment (of which you might be receiving a smaller
+  piece). This way, large incoming fragments will be "streamed" to the
+  application. When the curl_ws_frame struct field 'bytesleft' is 0, the
+  final fragment piece has been delivered.
 
-  See #9380
-  Closes #9443
+  curl_ws_recv() was also adjusted to work with a buffer size smaller than
+  the fragment size. (Possibly needless to say as the fragment size can
+  now be 63 bit large).
 
-- curl-compilers.m4: use -O2 as default optimize for clang
+  curl_ws_send() now supports sending a piece of a fragment, in a
+  streaming manner, in addition to sending the entire fragment in a single
+  call if it is small enough. To send a huge fragment, curl_ws_send() can
+  be used to send it in many small calls by first telling libcurl about
+  the total expected fragment size, and then send the payload in N number
+  of separate invokes and libcurl will stream those over the wire.
 
-  Not -Os
+  The struct curl_ws_meta() returns is now called 'curl_ws_frame' and it
+  has been extended with two new fields: *offset* and *bytesleft*. To help
+  describe the passed on data chunk when a fragment is delivered in many
+  smaller pieces.
 
-  Closes #9444
+  The documentation has been updated accordingly.
 
-- tool_operate: fix msnprintfing the error message
+  Closes #9636
 
-  Follow-up to 7be53774c41c59b47075fba
+Patrick Monnerat (7 Oct 2022)
 
-  Coverity CID 1513717 pointed out that we cannot use sizeof() on the
-  error buffer anymore.
+- docs/examples: avoid deprecated options in examples where possible
 
-  Closes #9440
+  Example programs targeting a deprecated feature/option are commented with
+  a warning about it.
+  Other examples are adapted to not use deprecated options.
 
-Emanuele Torre (6 Sep 2022)
+  Closes #9661
 
-- curl_ctype: add space around <= operator in ISSPACE macro
+Viktor Szakats (6 Oct 2022)
 
-  Follow-up to f65f750
+- cmake: fix enabling websocket support
 
-  Closes #9441
+  Follow-up from 664249d095275ec532f55dd1752d80c8c1093a77
 
-Daniel Stenberg (6 Sep 2022)
+  Closes #9660
 
-- CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
+- tidy-up: delete parallel/unused feature flags
 
-  The 'protocols' listed were previously wrong.
+  Detecting headers and lib separately makes sense when headers come in
+  variations or with extra ones, but this wasn't the case here. These were
+  duplicate/parallel macros that we had to keep in sync with each other
+  for a working build. This patch leaves a single macro for each of these
+  dependencies:
 
-  Reported-by: ProceduralMan on github
-  Fixes #9434
-  Closes #9435
+  - Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
 
-- curl_ctype: convert to macros-only
+    Also delete CMake logic making sure these two were in sync, along with
+    a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
 
-  This no longer provide functions, only macros. Runs faster and produces
-  smaller output.
+    Also delete stray `HAVE_ZLIB` defines.
 
-  The biggest precaution this change brings:
+    There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
+    retains it for compatibility and deprecates it.
 
-  DO NOT use post/pre-increments when passing arguments to the macros.
+  - Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
 
-  Closes #9429
+    Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
+    `winbuild/MakefileBuild.vc`, these have a role when building libssh2
+    itself. And `CURL_USE_LIBSSH`, which had no use at all.
 
-- misc: ISSPACE() => ISBLANK()
+    Also delete stray `HAVE_LIBSSH2` defines.
 
-  Instances of ISSPACE() use that should rather use ISBLANK(). I think
-  somewhat carelessly used because it sounds as if it checks for space or
-  whitespace, but also includes %0a to %0d.
+  - Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
 
-  For parsing purposes, we should only accept what we must and not be
-  overly liberal. It leads to surprises and surprises lead to bad things.
+    Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
+    `winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
+    libssh2 line, and were not having any use.
 
-  Closes #9432
+  - Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
 
-- ctype: remove all use of <ctype.h>, use our own versions
+  Reviewed-by: Daniel Stenberg
 
-  Except in the test servers.
+  Closes #9652
 
-  Closes #9433
+Daniel Stenberg (6 Oct 2022)
 
-Marc Hoersken (5 Sep 2022)
+- netrc: compare user name case sensitively
 
-- cmake: skip superfluous hex2dec conversion using math expr
+  User name comparisions in netrc need to match the case.
 
-  CMake seems to be able to compare two hex values just fine.
-  Also make sure CURL_TARGET_WINDOWS_VERSION is respected.
+  Closes #9657
 
-  Assisted-by: Marcel Raad
-  Reviewed-by: Viktor Szakats
-  Reported-by: Keitagit-kun on github
+- CURLOPT_COOKIEFILE: insist on "" for enable-without-file
 
-  Follow up to #9312
-  Fixes #9406
-  Closes #9411
+  The former way that also suggested using a non-existing file to just
+  enable the cookie engine could lead to developers maybe a bit carelessly
+  guessing a file name that will not exist, and then in a future due to
+  circumstances, such a file could be made to exist and then accidentally
+  libcurl would read cookies not actually meant to.
 
-Daniel Stenberg (5 Sep 2022)
+  Reported-by: Trail of bits
 
-- curl_easy_pause.3: unpausing is as fast as possible
+  Closes #9654
 
-  Reported-by: ssdbest on github
-  Fixes #9410
-  Closes #9430
+- tests/Makefile: remove run time stats from ci-test
 
-- CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
+  The ci-test is the normal makefile target invoked in CI jobs. This has
+  been using the -r option to runtests.pl since a long time, but I find
+  that it mostly just adds many lines to the test output report without
+  anyone caring much about those stats.
 
-  Except file.
+  Remove it.
 
-  Reported-by: ProceduralMan on github
-  Fixes #9427
-  Closes #9428
+  Closes #9656
 
-- NPN: remove support for and use of
+Patrick Monnerat (6 Oct 2022)
 
-  Next Protocol Negotiation is a TLS extension that was created and used
-  for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
-  HTTPS. In the early days of HTTP/2, before the spec was finalized and
-  shipped, the protocol could be enabled using this extension with some
-  servers.
+- tool: reorganize function c_escape around a dynbuf
 
-  curl supports the NPN extension with some TLS backends since then, with
-  a command line option `--npn` and in libcurl with
-  `CURLOPT_SSL_ENABLE_NPN`.
+  This is a bit shorter and a lot safer.
 
-  HTTP/2 proper is made to use the ALPN (Application-Layer Protocol
-  Negotiation) extension and the NPN extension has no purposes
-  anymore. The HTTP/2 spec was published in May 2015.
+  Substrings of unescaped characters are added by a single call to reduce
+  overhead.
 
-  Today, use of NPN in the wild should be extremely rare and most likely
-  totally extinct. Chrome removed NPN support in Chrome 51, shipped in
-  June 2016. Removed in Firefox 53, April 2017.
+  Extend test 1465 to handle more kind of escapes.
 
-  Closes #9307
+  Closes #9653
 
-- RELEASE-NOTES: synced
+Jay Satiro (5 Oct 2022)
 
-  and bump the tentative next release version to 7.85.1
+- CURLOPT_HTTPPOST.3: bolden the deprecation notice
 
-Samuel Henrique (4 Sep 2022)
+  Ref: https://github.com/curl/curl/pull/9621
 
-- configure: fail if '--without-ssl' + explicit parameter for an ssl lib
+  Closes https://github.com/curl/curl/pull/9637
 
-  A side effect of a previous change to configure (576e507c78bdd2ec88)
-  exposed a non-critical issue that can happen if configure is called with
-  both '--without-ssl' and some parameter setting the use of a ssl library
-  (e.g. --with-gnutls). The configure script would end up assuming this is
-  a MultiSSL build, due to the way the case statement is written.
+John Bampton (5 Oct 2022)
 
-  I have changed the order of the variables in the string concatenation
-  for the case statement and also tweaked the options so that
-  --without-ssl never turns the build into a MultiSSL one and also clearly
-  stating that there are conflicting parameters if the user sets it like
-  described above.
+- misc: fix spelling in docs and comments
 
-  Closes #9414
+  also: remove outdated sentence
 
-Daniel Stenberg (4 Sep 2022)
+  Closes #9644
 
-- tests/certs/scripts: insert standard curl source headers
+Patrick Monnerat (5 Oct 2022)
 
-  ... including the SPDX-License-Identifier.
+- tool: avoid generating ambiguous escaped characters in --libcurl
 
-  These omissions were not detected by the RUEUSE CI job nor the copyright.pl
-  scanners because we have a general wildcard in .reuse/dep5 for
-  "tests/certs/*".
+  C string hexadecimal-escaped characters may have more than 2 digits.
+  This results in a wrong C compiler interpretation of a 2-digit escaped
+  character when followed by an hex digit character.
 
-  Reported-by: Samuel Henrique
-  Fixes #9417
-  Closes #9420
+  The solution retained here is to represent such characters as 3-digit
+  octal escapes.
 
-Samuel Henrique (2 Sep 2022)
+  Adjust and extend test 1465 for this case.
 
-- docs: remove mentions of deprecated '--without-openssl' config parameter
+  Closes #9643
 
-  Closes #9415
+Daniel Stenberg (5 Oct 2022)
 
-- manpages: Fix spelling of "allows to" -> "allows one to"
+- configure: the ngtcp2 option should default to 'no'
 
-   References:
-   https://salsa.debian.org/lintian/lintian/-/blob/master/tags/t/typo-in-manual
-  -page.tag
-   https://english.stackexchange.com/questions/60271/grammatical-complements-fo
-  r-allow/60285#60285
+  While still experimental.
 
-  Closes #9419
+  Bug: https://curl.se/mail/lib-2022-10/0007.html
+  Reported-by: Daniel Hallberg
 
-- CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
+  Closes #9650
 
-   Lintian (on Debian) has been complaining about this for a while but
-   I didn't bother initially as the groff parser that we use is not
-   affected by this.
+- CURLOPT_MIMEPOST.3: add an (inline) example
 
-   But I have now noticed that the online manpage is affected by it:
-   https://curl.se/libcurl/c/CURLOPT_WILDCARDMATCH.html
+  Reported-by: Jay Satiro
+  Bug: https://github.com/curl/curl/pull/9637#issuecomment-1268070723
 
-   (I'm using double quotes for quoting-only down below)
+  Closes #9649
 
-   The section that should be parsed as "'\'" ends up being parsed as
-   "'´".
+Viktor Szakats (5 Oct 2022)
 
-   This is due to roffit not parsing "'\\'" correctly, which is fine
-   as the "correct" way of writing "'\'" is "'\e'" instead.
+- Makefile.m32: exclude libs & libpaths for shared mode exes [ci skip]
 
-   Note that this fix is not enough to fix the online manpage at
-   curl's website, as roffit seems to parse it wrongly either way.
+  Exclude linker flags specifying depedency libs and libpaths, when
+  building against `libcurl.dll`. In such case these options are not
+  necessary (but may cause errors if not/wrongly configured.)
 
-   My intent is to at least fix the manpage so that roffit can
-   be changed to parse "'\e'" correctly (although I suggest making
-   roffit parse both ways correctly, since that's what groff does).
+  Also move and reword a comment on `CPPFLAGS` to not apply to
+  `UNICODE` options. These are necessary for all build targets.
 
-   More details at:
-   https://bugs.debian.org/966803
-   https://salsa.debian.org/lintian/lintian/-/blob/930b18e4b28b7540253f458ef42a
-  884cca7965c3/tags/a/acute-accent-in-manual-page.tag
+  Closes #9651
 
-  Closes #9418
+Jay Satiro (5 Oct 2022)
 
-Daniel Stenberg (1 Sep 2022)
+- runtests: fix uninitialized value on ignored tests
 
-- tool_operate: reduce errorbuffer allocs
+  - Don't show TESTFAIL message (ie tests failed which aren't ignored) if
+    only ignored tests failed.
 
-  - parallel transfers: only alloc and keep errorbuffers in memory for
-    actual "live" transfers and not for the ones in the pending queue
+  Before:
+  IGNORED: failed tests: 571 612 1056
+  TESTDONE: 1214 tests out of 1217 reported OK: 99%
+  Use of uninitialized value $failed in concatenation (.) or string at
+  ./runtests.pl line 6290.
+  TESTFAIL: These test cases failed:
 
-  - serial transfers: reuse the same fixed buffer for all transfers, not
-    allocated at all.
+  After:
+  IGNORED: failed tests: 571 612 1056
+  TESTDONE: 1214 tests out of 1217 reported OK: 99%
 
-  Closes #9394
+  Closes https://github.com/curl/curl/pull/9648
 
-Viktor Szakats (31 Aug 2022)
+- cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
 
-- misc: spelling fixes
+  - Correct the use of -all-static for static Windows CI builds.
 
-  Found using codespell 2.2.1.
+  curl_LDFLAGS was removed from the makefile when metalink support was
+  removed. LDFLAGS=-all-static is passed to make only, because it is not a
+  valid option for configure compilation tests.
 
-  Also delete the redundant protocol designator from an archive.org URL.
+  Closes https://github.com/curl/curl/pull/9633
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9403
+Viktor Szakats (4 Oct 2022)
 
-Daniel Stenberg (31 Aug 2022)
+- Makefile.m32: fix regression with tool_hugehelp [ci skip]
 
-- tool_progress: remove 'Qd' from the parallel progress bar
+  In a recent commit I mistakenly deleted this logic, after seeing a
+  reference to a filename ending with `.cvs` and thinking it must have
+  been long gone. Turns out this is an existing file. Restore the rule
+  and the necessary `COPY` definitions with it.
 
-  The "queued" value is no longer showing anything useful to the user. It
-  is an internal number of transfers waiting at that moment.
+  The restored logic is required for a successful build on a bare source
+  tree (as opposed to a source release tarball).
 
-  Closes #9389
+  Also shorten an existing condition similar to the one added in this
+  patch.
 
-- tool_operate: prevent over-queuing in parallel mode
+  Regression since 07a0047882dd3f1fbf73486c5dd9c15370877ad6
 
-  When doing a huge amount of parallel transfers, we must not add them to
-  the per_transfer list frivolously since they all use memory after all.
-  This was previous done without really considering millions or billions
-  of transfers. Massive parallelism would use a lot of memory for no good
-  purpose.
+  Closes #9645
 
-  The queue is now limited to twice the paralleism number.
+- Makefile.m32: deduplicate build rules [ci skip]
 
-  This makes the 'Qd' value in the parallel progress meter mostly useless
-  for users, but works for now for us as a debug display.
+  After this patch, we reduce the three copies of most `Makefile.m32`
+  logic to one. This now resides in `lib/Makefile.m32`. It makes future
+  updates easier, the code shorter, with a small amount of added
+  complexity.
 
-  Reported-by: justchen1369 on github
-  Fixes #8933
-  Closes #9389
+  `Makefile.m32` reduction:
 
-Viktor Szakats (31 Aug 2022)
+  |                   |  bytes | LOC total |  blank |  comment |  code |
+  |-------------------|-------:|----------:|-------:|---------:|------:|
+  | 7.85.0            |  34772 |      1337 |     79 |      192 |  1066 |
+  | before this patch |  17601 |       625 |     62 |      106 |   457 |
+  | after this patch  |  11680 |       392 |     52 |      104 |   236 |
 
-- cmake: fix original MinGW builds
+  Details:
 
-  1. Re-enable `HAVE_GETADDRINFO` detection on Windows
+  - Change rules to create objects for the `v*` subdirs in the `lib` dir.
+    This allows to use a shared compile rule and assumes that filenames
+    are not (and will not be) colliding across these directories.
+    `Makefile.m32` now also stores a list of these subdirs. They are
+    changing rarely though.
 
-     Commit d08ee3c83d6bd416aef62ff844c98e47c4682429 (in 2013) added logic
-     that automatically assumed `getaddrinfo()` to be present for builds
-     with IPv6 enabled. As it turns out, certain toolchains (e.g. original
-     MinGW) by default target older Windows versions, and thus do not
-     support `getaddrinfo()` out of the box. The issue was masked for
-     a while by CMake builds forcing a newer Windows version, but that
-     logic got deleted in commit 8ba22ffb2030ed91312fc8634e29516cdf0a9761.
-     Since then, some CI builds started failing due to IPv6 enabled,
-     `HAVE_GETADDRINFO` set, but `getaddrinfo()` in fact missing.
+  - Sync as much as possible between the three `Makefile.m32` scripts'
+    rules and their source/target sections.
 
-     It also turns out that IPv6 works without `getaddrinfo()` since commit
-     67a08dca27a6a07b36c7f97252e284ca957ff1a5 (from 2019, via #4662). So,
-     to resolve all this, we can now revert the initial commit, thus
-     restoring `getaddrinfo()` detection and support IPv6 regardless of its
-     outcome.
+  - After this patch `CPPFLAGS` are all applied to the `src` sources once
+    again. This matches the behaviour of cmake/autotools. Only zlib ones
+    are actually required there.
 
-     Reported-by: Daniel Stenberg
+  - Use `.rc` names from `Makefile.inc` instead of keeping a duplicate.
 
-  2. Omit `bcrypt` with original MinGW
+  - Change examples to link `libcurl.dll` by default. This makes building
+    trivial, even as a cross-build:
+      `CC=x86_64-w64-mingw32-gcc make -f Makefile.m32`
+    To run them, you need to move/copy or add-to-path `libcurl.dll`.
+    You can select static mode via `CFG=-static`.
 
-     Original (aka legacy/old) MinGW versions do not support `bcrypt`
-     (introduced with Vista). We already have logic to handle that in
-     `lib/rand.c` and autotools builds, where we do not call the
-     unsupported API and do not link `bcrypt`, respectively, when using
-     original MinGW.
+  - List more of the `Makefile.m32` config variables.
 
-     This patch ports that logic to CMake, fixing the link error:
-     `c:/mingw/bin/../lib/gcc/mingw32/9.2.0/../../../../mingw32/bin/ld.exe: can
-  not find -lbcrypt`
+  - Drop `.rc` support from examples. It made it fragile without much
+    benefit.
 
-     Ref: https://ci.appveyor.com/project/curlorg/curl/builds/44624888/job/40vl
-  e84cn4vle7s0#L508
-     Regression since 76172511e7adcf720f4c77bd91f49278300ec97e
+  - Include a necessary system lib for the `externalsocket.c` example.
 
-  Fixes #9214
-  Fixes #9393
-  Fixes #9395
-  Closes #9396
+  - Exclude unnecessary systems libs when building in `-dyn` mode.
 
-Version 7.85.0 (31 Aug 2022)
+  Closes #9642
 
-Daniel Stenberg (31 Aug 2022)
+Daniel Stenberg (4 Oct 2022)
 
 - RELEASE-NOTES: synced
 
-  curl 7.85.0 release
+- CURLOPT_COOKIELIST.3: fix formatting mistake
+
+  Also, updated manpage-syntax.pl to make it detect this error in test
+  1173.
 
-- THANKS: add contributors from the 7.85.0 release
+  Reported-by: ProceduralMan on github
+  Fixes #9639
+  Closes #9640
 
-- getparam: correctly clean args
+Jay Satiro (4 Oct 2022)
 
-  Follow-up to bf7e887b2442783ab52
+- connect: change verbose IPv6 address:port to [address]:port
 
-  The previous fix for #9128 was incomplete and caused #9397.
+  - Use brackets for the IPv6 address shown in verbose message when the
+    format is address:port so that it is less confusing.
 
-  Fixes #9397
-  Closes #9399
+  Before: Trying 2606:4700:4700::1111:443...
+  After: Trying [2606:4700:4700::1111]:443...
 
-- zuul: remove the clang-tidy job
+  Bug: https://curl.se/mail/archive-2022-02/0041.html
+  Reported-by: David Hu
 
-  Turns out we don't see the warnings, but the warnings right now are
-  plain ridiculous and unhelpful so we can just as well just kill this
-  job.
+  Closes #9635
 
-  Closes #9390
+Viktor Szakats (3 Oct 2022)
 
-- cmake: set feature PSL if present
+- Makefile.m32: major rework [ci skip]
 
-  ... make test 1014 pass when libpsl is used.
+  This patch overhauls `Makefile.m32` scripts, fixing a list of quirks,
+  making its behaviour and customization envvars align better with other
+  build systems, aiming for less code, that is easier to read, use and
+  maintain.
 
-  Closes #9391
+  Details:
+  - Rename customization envvars:
+    `CURL_CC` -> `CC`
+    `CURL_RC` -> `RC`
+    `CURL_AR` -> `AR`
+    `CURL_LDFLAG_EXTRAS_DLL` -> `CURL_LDFLAGS_LIB`
+    `CURL_LDFLAG_EXTRAS_EXE` -> `CURL_LDFLAGS_BIN`
+  - Drop `CURL_STRIP` and `CURL_RANLIB`. These tools are no longer used.
+  - Accept `CFLAGS`, `CPPFLAGS`, `RCFLAGS`, `LDFLAGS` and `LIBS` envvars.
+  - Drop `CURL_CFLAG_EXTRAS`, `CURL_LDFLAG_EXTRAS`, `CURL_RCFLAG_EXTRAS` in
+    favor of the above.
+  - Do not automatically enable `zlib` with `libssh2`. `zlib` is optional
+    with `libssh2`.
+  - Omit unnecessary `CPPFLAGS` options when building `curl.exe` and
+    examples.
+  - Drop support for deprecated `-winssl` `CFG` option. Use `-schannel`
+    instead.
+  - Avoid late evaluation where not necessary (`=` -> `:=`).
+  - Drop support for `CURL_DLL_A_SUFFIX` to override the implib suffix.
+    Instead, use the standard naming scheme by default: `libcurl.dll.a`.
+    The toolchain recognizes the name, and selects it automatically when
+    asking for a `-shared` vs. `-static` build.
+  - Stop applying `strip` to `libcurl.a`. Follow-up from
+    16a58e9f93c7e89e1f87720199388bcfcfa148a4. There was no debug info to
+    strip since then.
+  - Stop setting `-O3`, `-W`, `-Wall` options. You can add these to
+    `CFLAGS` as desired.
+  - Always enable `-DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` with OpenSSL,
+    to avoid that vulnerability on Windows.
+  - Add `-lbrotlicommon` to `LIBS` when using `brotli`.
+  - Do not enable `-nghttp3` without `-ngtcp2`.
+  - `-ssh2` and `-rtmp` options no longer try to auto-select a TLS-backend.
+    You need to set the backend explicitly. This scales better and avoids
+    issues with certain combinations (e.g. `libssh2` + `wolfssl` with no
+    `schannel`).
+  - Default to OpenSSL TLS-backend with `ngtcp2`. Possible to override via
+    `NGTCP2_LIBS`.
+  - Old, alternate method of enabling components (e.g. `SSH2=1`) no longer
+    supported.
+  - Delete `SPNEGO` references. They were no-ops.
+  - Drop support for Win9x environments.
+  - Allow setting `OPENSSL_LIBS` independently from `OPENSSL_LIBPATH`.
+  - Support autotools/CMake `libssh2` builds by default.
+  - Respect `CURL_DLL_SUFFIX` in `-dyn` mode when building `curl.exe` and
+    examples.
+  - Assume standard directory layout with `LIBCARES_PATH`. (Instead of the
+    long gone embedded one.)
+  - Stop static linking with c-ares by default. Add
+    `CPPFLAGS=-DCARES_STATICLIB` to enable it.
+  - Reorganize internal layout to avoid redundancy and emit clean diffs
+    between src/lib and example make files.
+  - Delete unused variables.
+  - Code cleanups/rework.
+  - Comment and indentation fixes.
 
-- lib530: simplify realloc failure exit path
+  Closes #9632
 
-  To make code analyzers happier
+- scripts/release-notes.pl: strip ci skip tag [ci skip]
 
-  Closes #9392
+  Ref: https://github.com/curl/curl/commit/e604a82cae922bf86403a94f5803ac5e4303
+  ae97#commitcomment-85637701
 
-Orgad Shaneh (29 Aug 2022)
+  Reviewed-by: Daniel Stenberg
 
-- tests: add tests for netrc login/password combinations
+  Closes #9634
 
-  Covers the following PRs:
+- Makefile.m32: delete legacy component bits [ci skip]
 
-  - #9066
-  - #9247
-  - #9248
+  - Drop auto-detection of OpenSSL 1.0.2 and earlier. Now always defaulting
+    to OpenSSL 1.1.0 and later, LibreSSL and BoringSSL.
 
-  Closes #9256
+  - Drop `Invalid path to OpenSSL package` detection. OpenSSL has been
+    using a standard file layout since 1.1.0, so this seems unnecessary
+    now.
 
-- url: really use the user provided in the url when netrc entry exists
+  - Drop special logic to enable Novell LDAP SDK support.
 
-  If the user is specified as part of the URL, and the same user exists
-  in .netrc, Authorization header was not sent at all.
+  - Drop special logic to enable OpenLDAP LDAP SDK support. This seems
+    to be distinct from native OpenLDAP, with support implemented inside
+    `lib/ldap.c` (vs. `lib/openldap.c`) back when the latter did not exist
+    yet in curl.
 
-  The user and password fields were assigned in conn->user and password
-  but the user was not assigned to data->state.aptr, which is the field
-  that is used in output_auth_headers and friends.
+  - Add `-lwldap32` only if there is no other LDAP library (either native
+    OpenLDAP, or SDKs above) present.
 
-  Fix by assigning the user also to aptr.
+  - Update `doc/INSTALL.md` accordingly.
 
-  Amends commit d1237ac906ae7e3cd7a22c3a2d3a135a97edfbf5.
+  After this patch, it's necessary to make configration changes when using
+  OpenSSL 1.0.2 or earlier, or the two LDAP SDKs.
 
-  Fixes #9243
+  OpenSSL 1.0.2 and earlier:
+  ```
+  export OPENSSL_INCLUDE = <path-to-openssl>/outinc
+  export OPENSSL_LIBPATH = <path-to-openssl>/out
+  export OPENSSL_LIBS = -lssl32 -leay32 -lgdi32
+  ```
 
-- netrc: Use the password from lines without login
+  Novell LDAP SDK, previously enabled via `USE_LDAP_NOVELL=1`:
+  ```
+  export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/inc -DCURL_HAS_NOVELL_LDAPSDK
+  export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib/mscvc -lldapsdk -lldapssl -ll
+  dapx
+  ```
 
-  If netrc entry has password with empty login, use it for any username.
+  OpenLDAP LDAP SDK, previously enabled via `USE_LDAP_OPENLDAP=1`:
+  ```
+  export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/include -DCURL_HAS_OPENLDAP_LDAPSD
+  K
+  export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib -lldap -llber
+  ```
 
-  Example:
-  .netrc:
-  machine example.com password 123456
+  I haven't tested these scenarios, and in general we recommend using
+  a recent OpenSSL release. Also, WinLDAP (the Windows default) and
+  OpenLDAP (via `-DUSE_OPENLDAP`) are the LDAP options actively worked on
+  in curl.
 
-  curl -vn http://user@example.com/
+  Closes #9631
 
-  Fix it by initializing state_our_login to TRUE, and reset it only when
-  finding an entry with the same host and different login.
+Daniel Stenberg (2 Oct 2022)
 
-  Closes #9248
+- vauth/ntlm.h: make line shorter than 80 columns
 
-Jay Satiro (29 Aug 2022)
+  Follow-up from 265fbd937
 
-- url: treat missing usernames in netrc as empty
+Viktor Szakats (1 Oct 2022)
 
-  - If, after parsing netrc, there is a password with no username then
-    set a blank username.
+- docs: update sourceforge project links [ci skip]
 
-  This used to be the case prior to 7d600ad (precedes 7.82). Note
-  parseurlandfillconn already does the same thing for URLs.
+  SourceForge projects can now choose between two hostnames, with .io and
+  .net ending. Both support HTTPS by default now. Opening the other variant
+  will perm-redirected to the one chosen by the project.
 
-  Reported-by: Raivis <standsed@users.noreply.github.com>
-  Testing-by: Domen Kožar
+  The .io -> .net redirection is done insecurely.
 
-  Fixes https://github.com/curl/curl/issues/8653
-  Closes #9334
-  Closes #9066
+  Let's update the URLs to point to the current canonical endpoints to
+  avoid any redirects.
 
-Daniel Stenberg (29 Aug 2022)
+  Closes #9630
 
-- test8: verify that "ctrl-byte cookies" are ignored
+Daniel Stenberg (1 Oct 2022)
 
-- cookie: reject cookies with "control bytes"
+- curl_url_set.3: document CURLU_APPENDQUERY proper
 
-  Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
+  Listed among the other supported flags.
 
-  Reported-by: Axel Chong
+  Reported-by: Robby Simpson
+  Fixes #9628
+  Closes #9629
 
-  Bug: https://curl.se/docs/CVE-2022-35252.html
+Viktor Szakats (1 Oct 2022)
 
-  CVE-2022-35252
+- Makefile.m32: cleanups and fixes [ci skip]
 
-  Closes #9381
+  - Add `-lcrypt32` once, and add it always for simplicity.
+  - Delete broken link and reference to the pre-Vista WinIDN add-on.
+    MS no longer distribute it.
+  - Delete related `WINIDN_PATH` option. IDN is a system lib since Vista.
+  - Sync `LIBCARES_PATH` default with the rest of dependencies.
+  - Delete version numbers from dependency path defaults.
+  - `libgsasl` package is now called `gsasl`.
+  - Delete `libexpat` and `libxml2` references. No longer used by curl.
+  - Delete `Edit the path below...` comments. We recommend to predefine
+    those envvars instead.
+  - `libcares.a` is not an internal dependency anymore. Stop using it as
+    such.
+  - `windres` `--include-dir` -> `-I`, `-F` -> `--target=` for readability.
+  - Delete `STRIP`, `CURL_STRIP`, `AR` references from `src/Makefile.m32`.
+    They were never used.
+  - Stop to `clean` some objects twice in `src/Makefile.m32`.
+  - Delete cvs-specific leftovers.
+  - Finish resource support in examples make file.
+  - Delete `-I<root>/lib` from examples make file.
+  - Fix copyright start year in examples make file.
+  - Delete duplicate `ftpuploadresume` input in examples make file.
+  - Sync OpenSSL lib order, `SYNC` support, `PROOT` use, dependency path
+    defaults, variables names and other internal bits between the three
+    make files.
+  - `lib/Makefile.m32` accepted custom options via `DLL_LIBS` envvar. This
+    was lib-specific and possibly accidental. Use `CURL_LDFLAG_EXTRAS_DLL`
+    envvar for the same effect.
+  - Fix linking `curl.exe` and examples to wrong static libs with
+    auto-detected OpenSSL 1.0.2 or earlier.
+  - Add `-lgdi32` for OpenSSL 1.0.2 and earlier only.
+  - Add link to Novell LDAP SDK and use a relative default path. Latest
+    version is from 2016, linked to an outdated OpenSSL 1.0.1.
+  - Whitespace and comment cleanups.
 
-- libssh: ignore deprecation warnings
+  TODO in a next commit:
 
-  libssh 0.10.0 marks all SCP functions as "deprecated" which causes
-  compiler warnings and errors in our CI jobs and elsewhere. Ignore
-  deprecation warnings if 0.10.0 or later is found in the build.
+  Delete built-in detection/logic for OpenSSL 1.0.2 and earlier, the Novell
+  LDAP SDK and the other LDAP SDK (which is _not_ OpenLDAP). Write up the
+  necessary custom envvars to configure them.
 
-  If they actually remove the functions at a later point, then someone can
-  deal with that pain and functionality break then.
+  Closes #9616
 
-  Fixes #9382
-  Closes #9383
+Daniel Stenberg (30 Sep 2022)
 
-- Revert "schannel: when importing PFX, disable key persistence"
+- RELEASE-NOTES: synced
 
-  This reverts commit 70d010d285315e5f1cad6bdb4953e167b069b692.
+Matt Holt (30 Sep 2022)
 
-  Due to further reports in #9300 that indicate this commit might
-  introduce problems.
+- HTTP3.md: update Caddy example
 
-- multi: use larger dns hash table for multi interface
+  Closes #9623
 
-  Have curl_multi_init() use a much larger DNS hash table than used for
-  the easy interface to scale and perform better when used with _many_
-  host names.
+Daniel Stenberg (30 Sep 2022)
 
-  curl_share_init() sets an in-between size.
+- easy: fix the altsvc init for curl_easy_duphandle
 
-  Inspired-by: Ivan Tsybulin
-  See #9340
-  Closes #9376
+  It was using the old #ifdef which nothing sets anymore
 
-Marc Hoersken (28 Aug 2022)
+  Closes #9624
 
-- CI/runtests.pl: add param for dedicated curl to talk to APIs
+- GHA: build tests in a separate step from the running of them
 
-  This should make it possible to also report test failures
-  if our freshly build curl binary is not fully functional.
+  ... to make the output smaller for when you want to look at test
+  failures.
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9360
+  Removed the examples build from msh3
 
-Jacob Tolar (27 Aug 2022)
+  Closes #9619
 
-- openssl: add cert path in error message
+Viktor Szakats (29 Sep 2022)
 
-  Closes #9349
+- ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
 
-- cert.d: clarify that escape character works for file paths
+  Added in 68b215157fdf69612edebdb220b3804822277822, while adding openldap
+  support. This is also the single mention of this constant in the source
+  tree and also in that commit. Based on these, it seems like an accident.
 
-  Closes #9349
+  Delete this reference.
 
-Daniel Stenberg (27 Aug 2022)
+  Reviewed-by: Daniel Stenberg
 
-- gha: move over ngtcp2-gnutls CI job from zuul
+  Closes #9625
 
-  Closes #9331
+- docs: spelling nits
 
-Marc Hoersken (26 Aug 2022)
+  - MingW -> MinGW (Minimalist GNU for Windows)
+  - f.e. -> e.g.
+  - some whitespace and punctuation.
 
-- cmake: add detection of threadsafe feature
+  Reviewed-by: Daniel Stenberg
 
-  Avoids failing test 1014 by replicating configure checks
-  for HAVE_ATOMIC and _WIN32_WINNT with custom CMake tests.
+  Closes #9622
 
-  Reviewed-by: Marcel Raad
+Philip Heiduck (29 Sep 2022)
 
-  Follow up to #8680
-  Closes #9312
+- cirrus-ci: add macOS build with m1
 
-Daniel Stenberg (26 Aug 2022)
+  Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
 
-- RELEASE-NOTES: synced
+  Closes #9565
 
-Marc Hoersken (26 Aug 2022)
+Patrick Monnerat (29 Sep 2022)
 
-- CI/azure: align torture shallowness with GHA
+- lib: sanitize conditional exclusion around MIME
 
-  There 25 is used with FTP tests skipped, and 20 for FTP tests.
-  This should make torture tests stay within the 60min timeout.
+  The introduction of CURL_DISABLE_MIME came with some additional bugs:
+  - Disabled MIME is compiled-in anyway if SMTP and/or IMAP is enabled.
+  - CURLOPT_MIMEPOST, CURLOPT_MIME_OPTIONS and CURLOPT_HTTPHEADER are
+    conditioned on HTTP, although also needed for SMTP and IMAP MIME mail
+    uploads.
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9371
+  In addition, the CURLOPT_HTTPHEADER and --header documentation does not
+  mention their use for MIME mail.
 
-- multi_wait: fix and improve Curl_poll error handling on Windows
+  This commit fixes the problems above.
 
-  First check for errors and return CURLM_UNRECOVERABLE_POLL
-  before moving forward and waiting on socket readiness events.
+  Closes #9610
 
-  Reviewed-by: Jay Satiro
-  Reviewed-by: Marcel Raad
+Thiago Suchorski (29 Sep 2022)
 
-  Reported-by: Daniel Stenberg
-  Ref: #9361
+- docs: minor grammar fixes
 
-  Follow up to #8961
-  Closes #9372
+  Closes #9609
 
-- multi_wait: fix skipping to populate revents for extra_fds
+Daniel Stenberg (28 Sep 2022)
 
-  On Windows revents was not populated for extra_fds if
-  multi_wait had to wait due to the Curl_poll pre-check
-  not signalling any readiness. This commit fixes that.
+- CURLSHOPT_UNLOCKFUNC.3: the callback as no 'access' argument
 
-  Reviewed-by: Marcel Raad
-  Reviewed-by: Jay Satiro
+  Probably a copy and paste error from the lock function man page.
 
-  Closes #9361
+  Reported-by: Robby Simpson
+  Fixes #9612
+  Closes #9613
 
-- CI/appveyor: disable TLS in msys2-native autotools builds
+- CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
 
-  Schannel cannot be used from msys2-native Linux-emulated builds.
+  ... instead just list the supported encodings.
 
-  Reviewed-by: Marcel Raad
-  Reviewed-by: Daniel Stenberg
+  Reported-by: ProceduralMan on github
+  Fixes #9614
+  Closes #9615
 
-  Follow up to #9367
-  Closes #9370
+Dan Fandrich (28 Sep 2022)
 
-Jay Satiro (25 Aug 2022)
+- tests: Remove a duplicated keyword
 
-- tests: fix http2 tests to use CRLF headers
+- docs: document more server names for test files
 
-  Prior to this change some tests that rely on nghttpx proxy did not use
-  CRLF headers everywhere. A recent change in nghttp2, which updated its
-  version of llhttp (HTTP parser), requires curl's HTTP/1.1 test server to
-  use CRLF headers.
+Daniel Stenberg (28 Sep 2022)
 
-  Ref: https://github.com/nghttp2/nghttp2/commit/9d389e8
+- altsvc: reject bad port numbers
 
-  Fixes https://github.com/curl/curl/issues/9364
-  Closes https://github.com/curl/curl/pull/9365
+  The existing code tried but did not properly reject alternative services
+  using negative or too large port numbers.
 
-rcombs (25 Aug 2022)
+  With this fix, the logic now also flushes the old entries immediately
+  before adding a new one, making a following header with an illegal entry
+  not flush the already stored entry.
 
-- multi: use a pipe instead of a socketpair on apple platforms
+  Report from the ongoing source code audit by Trail of Bits.
 
-  Sockets may be shut down by the kernel when the app is moved to the
-  background, but pipes are not.
+  Adjusted test 356 to verify.
 
-  Removed from KNOWN_BUGS
+  Closes #9607
 
-  Fixes #6132
-  Closes #9368
+- functypes: provide the recv and send arg and return types
 
-Somnath Kundu (25 Aug 2022)
+  This header is for providing the argument types for recv() and send()
+  when built to not use a dedicated config-[platfor].h file.
 
-- libssh2: provide symlink name in SFTP dir listing
+  Remove the slow brute-force checks from configure and cmake.
 
-  When reading the symbolic link name for a file, we need to add the file
-  name to base path name.
+  This change also removes the use of the types for select, as they were
+  not used in code.
 
-  Closes #9369
+  Closes #9592
 
-Daniel Stenberg (25 Aug 2022)
+- urlapi: reject more bad characters from the host name field
 
-- configure: if asked to use TLS, fail if no TLS lib was detected
+  Extended test 1560 to verify
 
-  Previously the configure script would just warn about this fact and
-  continue with TLS disabled build which is not always helpful. TLS should
-  be explicitly disabled if that is what the user wants.
+  Report from the ongoing source code audit by Trail of Bits.
 
-  Closes #9367
+  Closes #9608
 
-Dustin Howett (25 Aug 2022)
+- configure: deprecate builds with small curl_off_t
 
-- schannel: when importing PFX, disable key persistence
+  If curl_off_t turns out to be smaller than 8 bytes,
+  --with-n64-deprecated needs to be used to allow the build to
+  continue. This is to highlight the fact that support for such builds is
+  going away next year.
 
-  By default, the PFXImportCertStore API persists the key in the user's
-  key store (as though the certificate was being imported for permanent,
-  ongoing use.)
+  Also mentioned in DEPRECATED.md
 
-  The documentation specifies that keys that are not to be persisted
-  should be imported with the flag `PKCS12_NO_PERSIST_KEY`.
-  NOTE: this flag is only supported on versions of Windows newer than XP
-  and Server 2003.
+  Closes #9605
 
-  Fixes #9300
-  Closes #9363
+Patrick Monnerat (27 Sep 2022)
 
-Daniel Stenberg (23 Aug 2022)
+- http, vauth: always provide Curl_allow_auth_to_host() functionality
 
-- unit1303: four tests should have TRUE for 'connecting'
+  This function is currently located in the lib/http.c module and is
+  therefore disabled by the CURL_DISABLE_HTTP conditional token.
 
-  To match the comments.
+  As it may be called by TLS backends, disabling HTTP results in an
+  undefined reference error at link time.
 
-  Reported-by: Wu Zheng
+  Move this function to vauth/vauth.c to always provide it and rename it
+  as Curl_auth_allowed_to_host() to respect the vauth module naming
+  convention.
 
-  See #9355
-  Closes #9356
+  Closes #9600
 
-- CURLOPT_BUFFERSIZE.3: add upload buffersize to see also
+Daniel Stenberg (27 Sep 2022)
 
-  Closes #9354
+- ngtcp2: fix C89 compliance nit
 
-Fabian Fischer (23 Aug 2022)
+- openssl: make certinfo available for QUIC
 
-- HTTP3.md: add missing autoreconf command for building with wolfssl
+  Curl_ossl_certchain() is now an exported function in lib/vtls/openssl.c that
+  can also be used from quiche.c and ngtcp2.c to get the cert chain for QUIC
+  connections as well.
 
-  Closes #9353
+  The *certchain function was moved to the top of the file for this reason.
 
-Daniel Stenberg (23 Aug 2022)
+  Reported-by: Eloy Degen
+  Fixes #9584
+  Closes #9597
 
 - RELEASE-NOTES: synced
 
-- multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
+- DEPRECATE.md: Support for systems without 64 bit data types
 
-  Ẃhen it has been used in the multi interface, it is otherwise left in
-  the connection cache, can't be reused and nothing will close them since
-  the easy handle loses the association with the multi handle and thus the
-  connection cache - until the multi handle is closed or it gets pruned
-  because the cache is full.
+  Closes #9604
 
-  Reported-by: Dominik Thalhammer
-  Fixes #9335
-  Closes #9342
+Patrick Monnerat (27 Sep 2022)
 
-- docs/cmdline-opts: remove \& escapes from all .d files
+- tests: skip mime/form tests when mime is not built-in
 
-  gen.pl escapes them itself now
+  Closes #9596
 
-- docs/cmdline-opts/gen.pl: encode leading single and double quotes
+Daniel Stenberg (27 Sep 2022)
 
-  As "(aq" and "(dq" to prevent them from implying a meaning in the nroff
-  output. This removes the need for using \& escapes in the .d files'
-  description parts.
+- url: rename function due to name-clash in Watt-32
 
-  Closes #9352
+  Follow-up to 2481dbe5f4f58 and applies the change the way it was
+  intended.
 
-Marc Hoersken (23 Aug 2022)
+Viktor Szakats (26 Sep 2022)
 
-- tests/server/sockfilt.c: avoid race condition without a mutex
+- windows: adjust name of two internal public functions
 
-  Avoid loosing any triggered handles by first aborting and joining
-  the waiting threads before evaluating the individual signal state.
+  According to `docs/INTERNALS.md`, internal function names spanning source
+  files start with uppercase `Curl_`. Bring these two functions in
+  alignment with this.
 
-  This removes the race condition and therefore need for a mutex.
+  This also stops exporting them from `libcurl.dll` in autotools builds.
 
-  Closes #9023
+  Reviewed-by: Daniel Stenberg
 
-Emil Engler (22 Aug 2022)
+  Closes #9598
 
-- url: output the maximum when rejecting a url
+Gisle Vanem (26 Sep 2022)
 
-  This commit changes the failf message to output the maximum length, when
-  curl refuses to process a URL because it is too long.
+- url: rename function due to name-clash in Watt-32
 
-  See: #9317
-  Closes: #9327
+  Since the commit 764c958c52edb427f39, there was a new function called
+  resolve_ip(). This clashes with an internal function in Watt-32.
 
-Chris Paulson-Ellis (22 Aug 2022)
+  Closes #9585
 
-- configure: fix broken m4 syntax in TLS options
+Jay Satiro (26 Sep 2022)
 
-  Commit b589696f added lines to some shell within AC_ARG_WITH macros, but
-  inadvertently failed to move the final closing ).
+- schannel: ban server ALPN change during recv renegotiation
 
-  Quote the script section using braces.
+  By the time schannel_recv is renegotiating the connection, libcurl has
+  already decided on a protocol and it is too late for the server to
+  select a protocol via ALPN except for the originally selected protocol.
 
-  So, if these problems have been around for a while, how did I find them?
-  Only because I did a configure including these options:
+  Ref: https://github.com/curl/curl/issues/9451
 
-      $ ./configure --with-openssl --without-rustls
-        SSL:              enabled (OpenSSL)
+  Closes https://github.com/curl/curl/pull/9463
 
-  Closes #9344
+Daniel Stenberg (26 Sep 2022)
 
-Daniel Stenberg (18 Aug 2022)
+- url: a zero-length userinfo part in the URL is still a (blank) user
 
-- tests/data/CMakeLists: remove making the 'show' makefile target
+  Adjusted test 1560 to verify
 
-  It is not used by runtests since 3c0f462
+  Reported-by: Jay Satiro
 
-  Closes #9333
+  Fixes #9088
+  Closes #9590
 
-- tests/data/Makefile: remove 'filecheck' target
+Viktor Szakats (25 Sep 2022)
 
-  No practical use anymore since 3c0f4622cdfd6
+- autotools: allow --enable-symbol-hiding with windows
 
-  Closes #9332
+  This local autotools logic was put in place in
+  9e24b9c7afbcb81120af4cf3f6cdee49a06d8224 (in 2012) which disabled it for
+  Windows unconditionally. Testing reveals that it actually works with
+  tested toolchains (mingw-w64 and CI ones), so let's allow this build
+  feature on that platform. Bringing this in sync with CMake, which already
+  supported this.
 
-- libssh2: make atime/mtime date overflow return error
+  Reviewed-by: Jay Satiro
 
-  Closes #9328
+  Closes #9586
 
-- libssh: make atime/mtime date overflow return error
+- autotools: reduce brute-force when detecting recv/send arg list
 
-  Closes #9328
+  autotools uses brute-force to detect `recv`/`send`/`select` argument
+  lists, by interating through _all_ argument type combinations on each
+  `./configure` run. This logic exists since
+  01fa02d0b545e1433dced2430561f8c0c72b74a9 (from 2006) and was a bit later
+  extended with Windows support.
 
-- examples/curlx.c: remove
+  This results in a worst-case number of compile + link cycles as below:
+  - `recv`: 96
+  - `send`: 192
+  - `select`: 60
+  Total: 348 (the number of curl C source files is 195, for comparison)
 
-  This example is a bit convoluted to use as an example, combined with the
-  special license for it makes it unsuitable.
+  Notice that e.g. curl-for-win autotools builds require two `./configure`
+  invocations, doubling these numbers.
 
-  Closes #9330
+  `recv` on Windows was especially unlucky because `SOCKET` (the correct
+  choice there) was listed _last_ in one of the outer trial loops. This
+  resulted in lengthy waits while autotools was trying all invalid
+  combinations first, wasting cycles, disk writes and slowing down
+  iteration.
 
-Tobias Nygren (17 Aug 2022)
+  This patch reduces the amount of idle work by reordering the tests in
+  a way to succeed first on a well-known platform such as Windows, and
+  also on non-Windows by testing for POSIX prototypes first, on the
+  assumption that these are the most likely candidates these days. (We do
+  not touch `select`, where the order was already optimal for these
+  platforms.)
 
-- curl.h: include <sys/select.h> on SunOS
+  For non-Windows, this means to try a return value of `ssize_t` first,
+  then `int`, reordering the buffer argument type to try `void *` first,
+  then `byte *`, and prefer the `const` flavor with `send`. If we are
+  here, also stop testing for `SOCKET` type in non-Windows builds.
 
-  It is needed for fd_set to be visible to downstream consumers that use
-  <curl/multi.h>. Header is known to exist at least as far back as Solaris
-  2.6.
+  After the patch, detection on Windows is instantaneous. It should also be
+  faster on popular platforms such as Linux and BSD-based ones.
 
-  Closes #9329
+  If there are known-good variations for other platforms, they can also be
+  fast-tracked like above, given a way to check for that platform inside
+  the autotools logic.
 
-Daniel Stenberg (17 Aug 2022)
+  Reviewed-by: Daniel Stenberg
 
-- DEPRECATE.md: push the NSS deprecation date forward one year to 2023
+  Closes #9591
 
-  URL: https://curl.se/mail/lib-2022-08/0016.html
+Daniel Stenberg (23 Sep 2022)
 
-- libssh2: setting atime or mtime >32bit on 4-bytes-long systems
+- TODO: Provide the error body from a CONNECT response
 
-  Since the libssh2 API uses 'long' to store the timestamp, it cannot
-  transfer >32bit times on Windows and 32bit architecture builds.
+  Spellchecked-by: Jay Satiro
 
-  Avoid nasty surprises by instead not setting such time.
+  Closes #9513
+  Closes #9581
 
-  Spotted by Coverity
+Viktor Szakats (23 Sep 2022)
 
-  Closes #9325
+- windows: autotools .rc warnings fixup
 
-- libssh: setting atime or mtime > 32bit is now just skipped
+  Move `LT_LANG([Windows Resource])` after `XC_LIBTOOL`, fixing:
 
-  The libssh API used caps the time to an unsigned 32bit variable. Avoid
-  nasty surprises by instead not setting such time.
+  - Warnings when running `autoreconf -fi`.
 
-  Spotted by Coverity.
+  - Warning when compiling .rc files:
+    libtool: compile: unable to infer tagged configuration
+    libtool:   error: specify a tag with '--tag'
 
-  Closes #9324
+  Follow up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
+  Ref: https://github.com/curl/curl/pull/9521#issuecomment-1256291156
 
-Jay Satiro (16 Aug 2022)
+  Suggested-by: Patrick Monnerat
+  Closes #9582
 
-- KNOWN_BUGS: Windows Unicode builds use homedir in current locale
+Randall S. Becker (23 Sep 2022)
 
-  Bug: https://github.com/curl/curl/pull/7252
-  Reported-by: dEajL3kA@users.noreply.github.com
+- curl_setup: disable use of FLOSS for 64-bit NonStop builds
 
-  Ref: https://github.com/curl/curl/pull/7281
+  Older 32-bit builds currently need FLOSS. This dependency may be removed
+  in future OS releases.
 
-  Closes https://github.com/curl/curl/pull/9305
+  Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
 
-Daniel Stenberg (16 Aug 2022)
+  Closes #9575
 
-- test399: switch it to use a config file instead
+Patrick Monnerat (23 Sep 2022)
 
-  ... as using a 65535 bytes host name in a URL does not fit on the
-  command line on some systems - like Windows.
+- tool: remove dead code
 
-  Reported-by: Marcel Raad
-  Fixes #9321
-  Closes #9322
+  Add a debug assertion to verify protocols included/excluded in a set
+  are always tokenized.
 
-- RELEASE-NOTES: synced
+  Follow-up to commit 677266c.
 
-- asyn-ares: make a single alloc out of hostname + async data
+  Closes #9576
 
-  This saves one alloc per name resolve and simplifies the exit path.
+- lib: prepare the incoming of additional protocols
 
-  Closes #9310
+  Move the curl_prot_t to its own conditional block. Introduce symbol
+  PROTO_TYPE_SMALL to control it.
 
-- Curl_close: call Curl_resolver_cancel to avoid memory-leak
+  Fix a cast in a curl_prot_t assignment.
+  Remove an outdated comment.
 
-  There might be a pending (c-ares) resolve that isn't free'd up yet.
+  Follow-up to cd5ca80.
 
-  Closes #9310
+  Closes #9534
 
-- asyn-thread: fix socket leak on OOM
+Daniel Stenberg (23 Sep 2022)
 
-  Closes #9310
+- msh3: change the static_assert to make the code C89
 
-- GHA: mv CI torture test from Zuul
+- bearssl: make it proper C89 compliant
 
-  Closes #9310
+- curl-compilers.m4: for gcc + want warnings, set gnu89 standard
 
-- ngtcp2-wolfssl.yml: add GHA to build ngtcp2 + wolfSSL
+  To better verify that the code is C89
 
-  Closes #9318
+  Closes #9542
 
-- test399: verify check of too long host name
+Patrick Monnerat (22 Sep 2022)
 
-- url: reject URLs with hostnames longer than 65535 bytes
+- lib517: fix C89 constant signedness
 
-  It *probably* causes other problems too since DNS can't resolve such
-  long names, but the SNI field in TLS is limited to 16 bits length.
+  In C89, positive integer literals that overflow an int but not an
+  unsigned int may be understood as a negative int.
 
-  Closes #9317
+  lib517.c:129:3: warning: this decimal constant is unsigned only in ISO C90
+     {"Sun, 06 Nov 2044 08:49:37 GMT", 2362034977 },
+     ^
 
-- curl_multi_perform.3: minor language fix
+  Closes #9572
 
-  Closes #9316
+Daniel Stenberg (22 Sep 2022)
 
-- ngtcp2: fix picky compiler warnings with wolfSSL for QUIC
+- mprintf: use snprintf if available
 
-  Follow-up to 8a13be227eede2
+  This is the single place in libcurl code where it uses the "native"
+  s(n)printf() function. Used for writing floats. The use has been
+  reviewed and vetted and uses a HUGE target buffer, but switching to
+  snprintf() still makes this safer and removes build-time warnings.
 
-  Closes #9315
+  Reported-by: Philip Heiduck
 
-- ngtcp2: remove leftover variable
+  Fixes #9569
+  Closes #9570
 
-  Mistake leftover from my edit before push.
+- docs: tag curl options better in man pages
 
-  Follow-up from 8a13be227eede2601c2b3b
-  Reported-by: Viktor Szakats
-  Bug: https://github.com/curl/curl/pull/9290#issuecomment-1214569167
+  As it makes them links in the HTML versions.
 
-Viktor Szakats (15 Aug 2022)
+  Verified by the extended test 1176
 
-- Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip]
+- symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
 
-  Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
-  was also enabled. `-ssl` meaning OpenSSL (and its forks). After
-  8a13be227eede2601c2b3b1c63e08b3dc9b35dd5 nghttp3/ngtcp2 can also be
-  used together with wolfSSL. This patch adds the ability to enable
-  `-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to
-  use it with wolfSSL or other, future TLS backends.
+- manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
 
-  Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
-  unconditionally. After this patch, this is no longer the case, and now
-  it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
-  together with a compatible TLS backend.
+  ... as that makes them links to their corresponding man page.
 
-  When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
-  library must be configured manually, e.g.:
-    `export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`
+  This script is used for test 1173.
 
-  (or via `NGTCP2_LIBS`)
+  Closes #9574
 
-  Closes #9314
+- RELEASE-NOTES: synced
 
-Stefan Eissing (15 Aug 2022)
+Patrick Monnerat (22 Sep 2022)
 
-- quic: add support via wolfSSL
+- tool: remove protocol count limitation
 
-  - based on ngtcp2 PR https://github.com/ngtcp2/ngtcp2/pull/505
-  - configure adapted to build against ngtcp2 wolfssl crypto lib
-  - quic code added for creation of WOLFSSL* instances
+  Replace bit mask protocol sets by null-terminated arrays of protocol
+  tokens. These are the addresses of the protocol names returned by
+  curl_version_info().
 
-  Closes #9290
+  Protocol names are sorted case-insensitively before output to satisfy CI
+  tests matches consistency.
 
-David Carlier (14 Aug 2022)
+  The protocol list returned by curl_version_info() is augmented with all
+  RTMP protocol variants.
 
-- memdebug: add annotation attributes
+  Test 1401 adjusted for new alpha ordered output.
 
-  memory debug tracking annotates whether the returned pointer does not
-  `alias`, hints where the size required is, for Windows to be better
-  debugged via Visual Studio.
+  Closes #9546
 
-  Closes https://github.com/curl/curl/pull/9306
+Daniel Stenberg (22 Sep 2022)
 
-Daniel Stenberg (14 Aug 2022)
+- test972: verify the output without using external tool
 
-- GHA: move libressl CI from zuul to GitHub
+  It seems too restrictive to assume and use an external tool to verify
+  the JSON. This now verifies the outut byte per byte. We could consider
+  building a local "JSON verifyer" in a future.
 
-  Closes #9309
+  Remove 'jsonlint' from the CI job.
 
-- KNOWN_BUGS: FTPS directory listing hangs on Windows with Schannel
+  Reported-by: Marcel Raad
+  Fixes #9563
+  Closes #9564
 
-  Closes #9161
+- hostip: lazily wait to figure out if IPv6 works until needed
 
-- KNOWN_BUGS: CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
+  The check may take many milliseconds, so now it is performed once the
+  value is first needed. Also, this change makes sure that the value is
+  not used if the resolve is set to be IPv4-only.
 
-  Closes #8741
+  Closes #9553
 
-- KNOWN_BUGS: libssh blocking and infinite loop problem
+- curl.h: fix mention of wrong error code in comment
 
-  Closes #8632
+  The same error and comment were also used and is now corrected in
+  CURLOPT_SSH_KEYFUNCTION.3
 
-- RELEASE-NOTES: synced
+- symbol-scan.pl: scan and verify .3 man pages
 
-- msh3: fix the QUIC disconnect function
+  This script now also finds all .3 man pages in docs/include and
+  docs/include/opts, extracts all uses of CURL* symbols and verifies that all
+  symbols mentioned in docs are defined in public headers.
 
-  And free request related memory better in 'done'. Fixes a memory-leak.
+  A "global symbol" is one of those matching a known prefix and the script make
+  s
+  an attempt to check all/most of them. Just using *all* symbols that match
+  CURL* proved matching a little too many other references as well and turned
+  difficult turning into something useful.
 
-  Reported-by: Gisle Vanem
-  Fixes #8915
-  Closes #9304
+  Closes #9544
 
-- connect: close the happy eyeballs loser connection when using QUIC
+- symbols-in-versions: add missing LIBCURL* symbols
 
-  Reviewed-by: Nick Banks
+- symbol-scan.pl: also check for LIBCURL* symbols
 
-  Closes #9303
+  Closes #9544
 
-Emil Engler (12 Aug 2022)
+- docs/libcurl/symbols-in-versions: add several missing symbols
 
-- refactor: split resolve_server() into functions
+- test1119: scan all public headers
 
-  This commit splits the branch-heavy resolve_server() function into
-  various sub-functions, in order to reduce the amount of nested
-  if/else-statements.
+  Previously this test only scanned a subset of the headers, which made us
+  accidentally miss symbols that were provided in the others. Now, the script
+  iterates over all headers present in include/curl.
 
-  Beside this, it also removes many else-sequences, by returning in the
-  previous if-statement.
+  Closes #9544
 
-  Closes #9283
+Patrick Monnerat (21 Sep 2022)
 
-Daniel Stenberg (12 Aug 2022)
+- examples/chkspeed: improve portability
 
-- schannel: re-indent to use curl style better
+  The example program chkspeed uses strncasecmp() which is not portable
+  across systems. Replace calls to this function by tests on characters.
 
-  Only white space changes
+  Closes #9562
 
-  Closes #9301
+Daniel Stenberg (21 Sep 2022)
 
-Emanuele Torre (12 Aug 2022)
+- easy: fix the #include order
 
-- docs/cmdline-opts: fix example and categories for --form-escape
+  The mentioned "last 3 includes" order should be respected. easy_lock.h should
+  be included before those three.
 
-  The example was missing a "--form" argument
-  I also replaced "--form" with "-F" to shorten the line a bit since it
-  was already very long.
+  Reported-by: Yuriy Chernyshov
+  Fixes #9560
+  Closes #9561
 
-  And I also moved --form-escape from the "post" category to the "upload"
-  category (this is what I originally wanted to fix, before also noticing
-  the mistake in the example).
+- docs: spellfixes
 
-  Closes #9298
+  Pointed by the new CI job
 
-Nick Banks (11 Aug 2022)
+- GHA: spellcheck
 
-- HTTP3.md: update to msh3 v0.4.0
+  This spellchecker checks markdown files. For this reason this job
+  converts all man pages in the repository to markdown with pandoc before
+  the check runs.
 
-  Closes #9297
+  The perl script 'cleanspell' filters out details from the man page in
+  the process, to avoid the spellchecker trying to spellcheck things it
+  can't. Like curl specific symbols and the SYNOPSIS and EXAMPLE sections
+  of libcurl man pages.
 
-Daniel Stenberg (11 Aug 2022)
+  The spell checker does not check words in sections that are within pre,
+  strong and em tags.
 
-- hostip: resolve *.localhost to 127.0.0.1/::1
+  'spellcheck.words' is a custom word list with additional accepted words.
 
-  Following the footsteps of other clients like Firefox/Chrome.  RFC 6761
-  says clients SHOULD do this.
+  Closes #9523
 
-  Add test 389 to verify.
+- connect: fix the wrong error message on connect failures
 
-  Reported-by: TheKnarf on github
-  Fixes #9192
-  Closes #9296
+  The "Failed to connect to" message after a connection failure would
+  include the strerror message based on the presumed previous socket
+  error, but in times it seems that error number is not set when reaching
+  this code and therefore it would include the wrong error message.
 
-Jay Satiro (11 Aug 2022)
+  The strerror message is now removed from here and the curl_easy_strerror
+  error is used instead.
 
-- KNOWN_BUGS: long paths are not fully supported on Windows
+  Reported-by: Edoardo Lolletti
+  Fixes #9549
+  Closes #9554
 
-  Bug: https://github.com/curl/curl/issues/8361
-  Reported-by: Gisle Vanem
+- httpput-postfields.c: shorten string for C89 compliance
 
-  Closes https://github.com/curl/curl/pull/9288
+  httpput-postfields.c:41:3: error: string length ‘522’ is greater than the
+   length ‘509’ ISO C90 compilers are required to support [-Woverlength-str
+  ings]
+     41 |   "this chapter.";
+        |   ^~~~~~~~~~~~~~~
 
-Daniel Stenberg (11 Aug 2022)
+  Closes #9555
 
-- config: remove the check for and use of SIZEOF_SHORT
+- ws: fix a C89 compliance nit
 
-  shorts are 2 bytes on all platforms curl runs and have ever run on.
+  Closes #9541
 
-  Closes #9291
+Patrick Monnerat (21 Sep 2022)
 
-- configure: introduce CURL_SIZEOF
+- unit test 1655: make it C89-compliant
 
-  This is a rewrite of the previously used GPLv3+exception licensed
-  file. With this change, there is no more reference to GPL so we can
-  remove that from LICENSES/.
+  Initializations performed in unit test 1655 use automatic variables in
+  aggregates and thus can only be computed at run-time. Using gcc in C89
+  dialect mode produces warning messages like:
 
-  Ref: #9220
-  Closes #9291
+  unit1655.c:96:7: warning: initializer element is not computable at load time 
+  [-Wpedantic]
+     96 |     { toolong, DOH_DNS_NAME_TOO_LONG },  /* expect early failure */
+        |       ^~~~~~~
 
-Sean McArthur (10 Aug 2022)
+  Fix the problem by converting these automatic pointer variables to
+  static arrays.
 
-- hyper: customize test1274 to how hyper unfolds headers
+  Closes #9551
 
-  Closes #9217
+Tobias Schaefer (20 Sep 2022)
 
-Orgad Shaneh (10 Aug 2022)
+- curl_strequal.3: fix typo
 
-- curl-config: quote directories with potential space
+  Closes #9548
 
-  On Windows (at least with CMake), the default prefix is
-  C:/Program Files (x86)/CURL.
+Dmitry Karpov (20 Sep 2022)
 
-  Closes #9253
+- resolve: make forced IPv4 resolve only use A queries
 
-Oliver Roberts (10 Aug 2022)
+  This protects IPv4-only transfers from undesired bad IPv6-related side
+  effects and make IPv4 transfers in dual-stack libcurl behave the same
+  way as in IPv4 single-stack libcurl.
 
-- amigaos: fix threaded resolver on AmigaOS 4.x
+  Closes #9540
 
-  Replace ip4 resolution function on AmigaOS 4.x, as it requires runtime
-  feature detection and extra code to make it thread safe.
+Daniel Stenberg (20 Sep 2022)
 
-  Closes #9265
+- RELEASE-NOTES: synced
 
-Emil Engler (10 Aug 2022)
+- winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
 
-- imap: use ISALNUM() for alphanumeric checks
+  Patched-by: Mark Itzcovitz
+  Bug: https://curl.se/mail/lib-2022-09/0038.html
 
-  This commit replaces a self-made character check for alphanumeric
-  characters within imap_is_bchar() with the ISALNUM() macro, as it is
-  reduces the size of the code and makes the performance better, due to
-  ASCII arithmetic.
+  Closes #9536
 
-  Closes #9289
+- TODO: Reduce CA certificate bundle reparsing
 
-Daniel Stenberg (10 Aug 2022)
+  By adding some sort of cache.
 
-- RELEASE-NOTES: synced
+  Reported-by: Michael Drake
+  Closes #9379
+  Closes #9538
 
-Cering on github (10 Aug 2022)
+Marc Hoersken (19 Sep 2022)
 
-- connect: add quic connection information
+- CI/GHA: cancel outdated CI runs on new PR changes
 
-  Fixes #9286
-  Closes #9287
+  Avoid letting outdated CI runs continue if a PR receives
+  new changes. Outside a PR we let them continue running
+  by tying the concurrency to the commit hash instead.
 
-Philip Heiduck (8 Aug 2022)
+  Also only let one CodeQL or Hacktoberfest job run at a time.
 
-- cirrus/freebsd-ci: bootstrap the pip installer
+  Other CI platforms we use have this build in, but GitHub
+  unfortunately neither by default nor with a simple option.
 
-  Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
+  This saves CI resources and therefore a little energy.
 
-  Closes #9213
+  Approved-by: Daniel Stenberg
+  Approved-by: Max Dymond
+  Closes #9533
 
-Daniel Stenberg (8 Aug 2022)
+Daniel Stenberg (19 Sep 2022)
 
-- urldata: move smaller fields down in connectdata struct
+- docs: fix proselint complaints
 
-  By (almost) sorting the struct fields in connectdata in a decending size
-  order, having the single char ones last, we reduce the number of holes
-  in the struct and thus the amount of storage needed.
+- GHA: run proselint on markdown files
 
-  Closes #9280
+  Co-authored-by: Marc Hörsken
 
-- ldap: adapt to conn->port now being an 'int'
+  Closes #9520
 
-  Remove typecasts. Fix printf() formats.
+- lib: the number four in a sequence is the "fourth"
 
-  Follow-up from 764c6bd3bf.
-  Pointed out by Coverity CID 1507858.
+  Spelling is hard
 
-  Closes #9281
+  Closes #9535
 
-- KNOWN_BUGS: Negotiate authentication against Hadoop HDFS
+John Bampton (19 Sep 2022)
 
-  Closes #8264
+- misc: fix spelling in two source files
 
-Oliver Roberts (8 Aug 2022)
+  Closes #9529
 
-- file: add handling of native AmigaOS paths
+Viktor Szakats (18 Sep 2022)
 
-  On AmigaOS 4.x, handle native absolute paths, whilst blocking relative
-  paths. Also allow unix style paths if feature enabled at link time.
+- windows: add .rc support to autotools builds
 
-  Inspiration-from: Michael Trebilcock
+  After this update autotools builds will compile and link `.rc` resources
+  to Windows executables. Bringing this feature on par with CMake and
+  Makefile.m32 builds. And also making it unnecessary to improvise these
+  steps manually, while monkey patching build files, e.g. [0].
 
-  Closes #9259
+  You can customize the resource compiler via the `RC` envvar, and its
+  options via `RCFLAGS`.
 
-Daniel Stenberg (8 Aug 2022)
+  This harmless warning may appear throughout the build, even though the
+  autotools manual documents [1] `RC` as a valid tag, and it fails when
+  omitting one:
+  `libtool:   error: ignoring unknown tag RC`
 
-- KNOWN_BUGS: cmake build is not thread-safe
+  [0] https://github.com/curl/curl-for-win/blob/535f19060d4b708f72e75dd849409ce
+  50baa1b84/curl-autotools.sh#L376-L382
+  [1] https://www.gnu.org/software/libtool/manual/html_node/Tags.html
 
-  The cmake build does not check for and verify presence of a working
-  Atomic type, which then makes curl_global_init() to not build
-  thread-safe on non-Windows platforms.
+  Closes #9521
 
-  Closes https://github.com/curl/curl/issues/8973
-  Closes https://github.com/curl/curl/pull/8982
+Marc Hoersken (18 Sep 2022)
 
-Oliver Roberts (8 Aug 2022)
+- CI/linkcheck: only run if a Markdown file is changed
 
-- configure: fixup bsdsocket detection code for AmigaOS 4.x
+  This saves CI resources and therefore a little energy.
 
-  The code that detects bsdsocket.library for AmigaOS did not work
-  for AmigaOS 4.x. This has been fixed and also cleaned up a little
-  to reduce duplication. Wasn't technically necessary before, but is
-  required when building with AmiSSL instead of OpenSSL.
+  Reviewed-by: Max Dymond
+  Closes #9531
 
-  Closes #9268
+- README.md: add GHA status badges for Linux and macOS builds
 
-- tool: reintroduce set file comment code for AmigaOS
+  This makes sense now that Linux builds are being consolidated.
 
-  Amiga specific code which put the URL in the file comment was perhaps
-  accidentally removed in b88940850002a3f1c25bc6488b95ad30eb80d696 having
-  originally been added in 5c215bdbdfde8b2350cdcbac82aae0c914da5314.
-  Reworked to fit the code changes and added it back in.
+  Approved-by: Daniel Stenberg
+  Closes #9530
 
-  Reported-by: Michael Trebilcock
-  Originally-added-by: Chris Young
+  [skip ci]
 
-  Closes #9258
+Daniel Stenberg (17 Sep 2022)
 
-Daniel Stenberg (8 Aug 2022)
+- misc: null-terminate
 
-- urldata: make 'negnpn' use less storage
+  Make use of this term consistently.
 
-  The connectdata struct field 'negnpn' never holds a value larger than
-  30, so an unsigned char saves 3 bytes struct space.
+  Closes #9527
 
-  Closes #9279
+Marc Hoersken (17 Sep 2022)
 
-- urldata: make three *_proto struct fields smaller
+- CI/GHA: merge intel CC and more TLS libs into linux workflow
 
-  Use 'unsigned char' for storage instead of the enum, for three GSSAPI
-  related fields in the connectdata struct.
+  Continue work on merging all Linux workflows into one file.
 
-  Closes #9278
+  Reviewed-by: Max Dymond
+  Follow up to #9501
+  Closes #9514
 
-- connect: set socktype/protocol correctly
+Patrick Monnerat (17 Sep 2022)
 
-  So that an address used from the DNS cache that was previously used for
-  QUIC can be reused for TCP and vice versa.
+- lib1597: make it C89-compliant again
 
-  To make this possible, set conn->transport to "unix" for unix domain
-  connections ... and store the transport struct field in an unsigned char
-  to use less space.
+  Automatic variable addresses cannot be used in an initialisation
+  aggregate.
 
-  Reported-by: ウさん
-  Fixes #9274
-  Closes #9276
+  Follow-up to 9d51329
 
-Oliver Roberts (8 Aug 2022)
+  Reported-by: Daniel Stenberg
+  Fixes: #9524
+  Closes #9525
 
-- amissl: allow AmiSSL to be used with AmigaOS 4.x builds
+Daniel Stenberg (17 Sep 2022)
 
-  Enable AmiSSL to be used instead of static OpenSSL link libraries.
-  for AmigaOS 4.x, as it already is in the AmigaOS 3.x build.
+- tool_libinfo: silence "different 'const' qualifiers" in qsort()
 
-  Closes #9269
+  MSVC 15.0.30729.1 warned about it
 
-opensignature on github (8 Aug 2022)
+  Follow-up to dd2a024323dcc
 
-- openssl: add details to "unable to set client certificate" error
+  Closes #9522
 
-  from: "curl: (58) unable to set client certificate"
+Patrick Monnerat (16 Sep 2022)
 
-  to: curl: (58) unable to set client certificate [error:0A00018F:SSL
-  routines::ee key too small]
+- docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
 
-  Closes #9228
+  Disabled protocols are now handled as if they were unknown.
+  Also update the possible protocol list.
 
-Oliver Roberts (8 Aug 2022)
+- cli tool: do not use disabled protocols
 
-- amissl: make AmiSSL v5 a minimum requirement
+  As they are now rejected by the library, take care of not passing
+  disabled protocol names to CURLOPT_PROTOCOLS_STR and
+  CURLOPT_REDIR_PROTOCOLS_STR.
 
-  AmiSSL v5 is the latest version, featuring a port of OpenSSL 3.0.
-  Support for previous OpenSSL 1.1.x versions has been dropped, so
-  makes sense to enforce v5 as the minimum requirement. This also
-  allows all the AmiSSL stub workarounds to be removed as they are
-  now provided in a link library in the AmiSSL SDK.
+  Rather than using the CURLPROTO_* constants, dynamically assign protocol
+  numbers based on the order they are listed by curl_version_info().
 
-  Closes #9267
+  New type proto_set_t implements prototype bit masks: it should therefore
+  be large enough to accomodate all library-enabled protocols. If not,
+  protocol numbers beyond the bit count of proto_set_t are recognized but
+  "inaccessible": when used, a warning is displayed and the value is
+  ignored. Should proto_set_t overflows, enabled protocols are reordered to
+  force those having a public CURLPROTO_* representation to be accessible.
 
-- configure: -pthread not available on AmigaOS 4.x
+  Code has been added to subordinate RTMP?* protocols to the presence of
+  RTMP in the enabled protocol list, being returned by curl_version_info()
+  or not.
 
-  The most recent GCC builds for AmigaOS 4.x do not allow -pthread and
-  exit with an error. Instead, need to explictly specify -lpthread.
+- setopt: use the handler table for protocol name to number conversions
 
-  Closes #9266
+  This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than
+  CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol name is not found.
 
-Daniel Stenberg (8 Aug 2022)
+  A new schemelen parameter is added to Curl_builtin_scheme() to support
+  this extended use.
 
-- digest: pass over leading spaces in qop values
+  Note that disabled protocols are not recognized anymore.
 
-  When parsing the "qop=" parameter of the digest authentication, and the
-  value is provided within quotes, the list of values can have leading
-  white space which the parser previously did not handle correctly.
+  Tests adapted accordingly.
 
-  Add test case 388 to verify.
+  Closes #9472
 
-  Reported-by: vlubart on github
-  Fixes #9264
-  Closes #9270
+Daniel Stenberg (16 Sep 2022)
 
-Evgeny Grin (Karlson2k) (7 Aug 2022)
+- altsvc: use 'h3' for h3
 
-- digest: reject broken header with session protocol but without qop
+  Since the official and real version has been out for a while now and servers
+  are deployed out there using it, there is no point in sticking to h3-29.
 
-  Closes #9077
+  Reported-by: ウさん
+  Fixes #9515
+  Closes #9516
 
-Daniel Stenberg (7 Aug 2022)
+chemodax (16 Sep 2022)
 
-- CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples
+- winbuild: Use NMake batch-rules for compilation
 
-  Reported-by: jvvprasad78 on github
-  Assisted-by: Jay Satiro
-  Fixes #9239
-  Closes #9241
+  - Invoke cl compiler once for each group of .c files.
 
-Fabian Keil (7 Aug 2022)
+  This is significantly improves compilation time. For example in my
+  environment: 40 s --> 20 s.
 
-- test44[2-4]: add '--resolve' to the keywords
+  Prior to this change cl was invoked per .c file.
 
-  ... so the tests can be automatically skipped when
-  using an external proxy like Privoxy.
+  Closes https://github.com/curl/curl/pull/9512
 
-  Closes #9250
+Daniel Stenberg (16 Sep 2022)
 
-Daniel Stenberg (7 Aug 2022)
+- ws: the infof() flags should be %zu
 
-- RELEASE-NOTES: synced
+  Follow-up to e5e9e0c5e49ae0
 
-- CURLOPT_CONNECT_ONLY.3: clarify multi API use
+  Closes #9518
 
-  Reported-by: Maxim Ivanov
-  Fixes #9244
-  Closes #9262
+- curl: warn for --ssl use, considered insecure
 
-Andrew Lambert (6 Aug 2022)
+  Closes #9519
 
-- curl_easy_header: Add CURLH_PSEUDO to sanity check
+Sergey Bronnikov (16 Sep 2022)
 
-  Fixes #9235
-  Closes #9236
+- curl_escape.3: fix typo
 
-Emil Engler (6 Aug 2022)
+  lengthf -> length
 
-- docs: add dns category to --resolve
+  Closes #9517
 
-  This commit adds the dns category to the --resolve command line option,
-  because it can be interpreted as both: a low-level connection option and
-  an option related to the resolving of a hostname.
+Daniel Stenberg (16 Sep 2022)
 
-  It is also not common for dns options to belong to the connection
-  category and vice versa.  --ipv4 and --ipv6 are both good examples.
+- mailmap: merge Philip Heiduck's two addresses into one
 
-  Closes #9229
+- test1948: verify PUT + POST reusing the same handle
 
-Wyatt O'Day (2 Aug 2022)
+  Reproduced #9507, verifies the fix
 
-- schannel: Add TLS 1.3 support
+- setopt: when POST is set, reset the 'upload' field
 
-  - Support TLS 1.3 as the default max TLS version for Windows Server 2022
-    and Windows 11.
+  Reported-by: RobBotic1 on github
+  Fixes #9507
+  Closes #9511
 
-  - Support specifying TLS 1.3 ciphers via existing option
-    CURLOPT_TLS13_CIPHERS (tool: --tls13-ciphers).
+Marc Hoersken (15 Sep 2022)
 
-  Closes https://github.com/curl/curl/pull/8419
+- github: initial CODEOWNERS setup for CI configuration
 
-Emil Engler (2 Aug 2022)
+  Reviewed-by: Daniel Stenberg
+  Reviewed-by: Marcel Raad
+  Reviewed-by: Max Dymond
 
-- cmdline-opts/gen.pl: improve performance
+  Closes #9505
 
-  On some systems, the gen.pl script takes nearly two minutes for the
-  generation of the main-page, which is a completely unacceptable time.
+  [skip ci]
 
-  The slow performance has two causes:
-  1. Use of a regex locale operator
-  2. Useless invokations of loops
+Philip Heiduck (15 Sep 2022)
 
-  The commit addresses the first issue by replacing the "\W" wiht
-  [^a-zA-Z0-9_], which is, according to regex101.com, functionally
-  equivalent to the previous operation, except that it is obviously
-  limited to ASCII only, which is fine, as the curl project is
-  English-only anyway.
+- CI: optimize some more dependencies install
 
-  The second issue is being addressed by only running the loop if the line
-  contains a "--" in it. The loop may be completeley removed in the
-  future.
+  Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
 
-  Co-authored-by: Emanuele Torre <torreemanuele6@gmail.com>
+  Closes #9500
 
-  See #8299
-  Fixes #9230
-  Closes #9232
+Marc Hoersken (15 Sep 2022)
 
-Daniel Stenberg (2 Aug 2022)
+- CI/GHA: merge event-based and NSS into new linux workflow
 
-- docs/cmdline: mark fail and fail-with-body as mutually exclusive
+  Continue work on merging all Linux workflows into one file.
 
-  Reported-by: Andreas Sommer
-  Fixes #9221
-  Closes #9222
+  Follow up to #9501
+  Closes #9506
 
-Nao Yonashiro (2 Aug 2022)
+Daniel Stenberg (15 Sep 2022)
 
-- quiche: fix build failure
+- include/curl/websockets.h: add extern "C" for C++
 
-  Reviewed-by: Alessandro Ghedini
-  Closes #9223
+  Reported-by: n0name321 on github
+  Fixes #9509
+  Closes #9510
 
-Viktor Szakats (2 Aug 2022)
+- lib1560: extended to verify detect/reject of unknown schemes
 
-- configure.ac: drop references to deleted functions
+  ... when no guessing is allowed.
 
-  follow-up from 4d73854462f30948acab12984b611e9e33ee41e6
+- urlapi: detect scheme better when not guessing
 
-  Reported-by: Oliver Roberts
-  Fixes #9238
-  Closes #9240
+  When the parser is not allowed to guess scheme, it should consider the
+  word ending at the first colon to be the scheme, independently of number
+  of slashes.
 
-Sean McArthur (28 Jul 2022)
+  The parser now checks that the scheme is known before it counts slashes,
+  to improve the error messge for URLs with unknown schemes and maybe no
+  slashes.
 
-- hyper: enable obs-folded multiline headers
+  When following redirects, no scheme guessing is allowed and therefore
+  this change effectively prevents redirects to unknown schemes such as
+  "data".
 
-  Closes #9216
+  Fixes #9503
 
-Daniel Stenberg (28 Jul 2022)
+- strerror: improve two URL API error messages
 
-- connect: revert the use of IP*_RECVERR
+Marc Hoersken (14 Sep 2022)
 
-  The options were added in #6341 and d13179d, but cause problems: Lots of
-  POLLIN event occurs but recvfrom read nothing.
+- CI/GHA: merge bearssl and hyper into initial linux workflow
 
-  Reported-by: Tatsuhiro Tsujikawa
-  Fixes #9209
-  Closes #9215
+  Begin work on merging all Linux workflows into one file.
 
-Marco Kamner (27 Jul 2022)
+  Closes #9501
 
-- docs: remove him/her/he/she from documentation
+Daniel Stenberg (14 Sep 2022)
 
-  Closes #9208
+- RELEASE-NOTES: synced
 
-Daniel Stenberg (27 Jul 2022)
+- cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
 
-- RELEASE-NOTES: synced
+  Since the config file might also get included by the tool code at times.
+  This syncs with how other builds do it.
 
-- tool_getparam: make --doh-url "" switch it off
+  Closes #9498
 
-  A possible future addition could be to parse the URL first too to verify
-  that it is valid before trying to use it.
+- tool_hugehelp: make hugehelp a blank macro when disabled
 
-  Assisted-by: Jay Satiro
-  Closes #9207
+  Closes #9485
 
-- mailmap: add rzrymiak on github
+- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
 
-Jay Satiro (26 Jul 2022)
+  ... to improve the output in this situation. Now it doesn't say "option
+  unknown" anymore.
 
-- ngtcp2: Fix build error due to change in nghttp3 prototypes
+  Closes #9485
 
-  ngtcp2/nghttp3@4a066b2 changed nghttp3_conn_block_stream and
-  nghttp3_conn_shutdown_stream_write return from int to void.
+- setopt: fix compiler warning
 
-  Reported-by: jurisuk@users.noreply.github.com
+  Follow-up to cd5ca80f00d2
 
-  Fixes https://github.com/curl/curl/issues/9204
-  Closes https://github.com/curl/curl/pull/9200
+  closes #9502
 
-rzrymiak on github (26 Jul 2022)
+Philip Heiduck (13 Sep 2022)
 
-- BUGS.md: improve language
+- CI: skip make, do make install at once for dependencies
 
-  Closes #9205
+  Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
 
-Philip Heiduck (26 Jul 2022)
+  Closes #9477
 
-- cirrus.yml: replace py38-pip with py39-pip
+Daniel Stenberg (13 Sep 2022)
 
-  Reported-by: Jay Satiro
-  Fixes #9201
-  Closes #9202
+- formdata: typecast the va_arg return value
 
-Daniel Stenberg (25 Jul 2022)
+  To avoid "enumerated type mixed with another type" warnings
 
-- tool_getparam: fix cleanarg() for unicode builds
+  Follow-up from 0f52dd5fd5aa3592691a
 
-  Use the correct type, and make cleanarg an empty macro if the cleaning
-  ability is absent.
+  Closes #9499
 
-  Fixes #9195
-  Closes #9196
+- RELEASE-PROCEDURE.md: mention patch releases
 
-  Reviewed-by: Jay Satiro
-  Reviewed-by: Marcel Raad
+  - When to make them and how to argue for them
+  - Refreshed the release date list
 
-Marc Hoersken (25 Jul 2022)
+  Closes #9495
 
-- test3026: add support for Windows using native Win32 threads
+- urldata: use a curl_prot_t type for storing protocol bits
 
-  Reviewed-by: Viktor Szakats
-  Reviewed-by: Jay Satiro
-  Reviewed-by: Daniel Stenberg
+  This internal-use-only storage type can be bumped to a curl_off_t once
+  we need to use bit 32 as the previous 'unsigned int' can no longer hold
+  them all then.
 
-  Follow up to 7ade9c50b35d95d47a43880c3097bebab7a7e690
-  Closes #9012
+  The websocket protocols take bit 30 and 31 so they are the last ones
+  that fit within 32 bits - but cannot properly be exported through APIs
+  since those use *signed* 32 bit types (long) in places.
 
-Evgeny Grin (Karlson2k) (25 Jul 2022)
+  Closes #9481
 
-- digest: fix memory leak, fix not quoted 'opaque'
+zhanghu on xiaomi (13 Sep 2022)
 
-  Fix leak regression introduced by 3a6fe0c.
+- formdata: fix warning: 'CURLformoption' is promoted to 'int'
 
-  Closes https://github.com/curl/curl/pull/9199
+  curl/lib/formdata.c: In function 'FormAdd':
+  curl/lib/formdata.c:249:31: warning: 'CURLformoption' is promoted to 'int' wh
+  en passed through '...'
+    249 |       option = va_arg(params, CURLformoption);
+        |                               ^
+  curl/lib/formdata.c:249:31: note: (so you should pass 'int' not 'CURLformopti
+  on' to 'va_arg')
+  curl/lib/formdata.c:249:31: note: if this code is reached, the program will a
+  bort
 
-Daniel Stenberg (23 Jul 2022)
+  Closes #9484
 
-- tests: several enumerated type cleanups
+Daniel Stenberg (13 Sep 2022)
 
-  To please icc
+- CURLOPT_CONNECT_ONLY.3: for ws(s) as well
 
-  Closes #9179
+  and correct the version number for when that support comes. Even if it
+  is still experimental for WebSocket.
 
-- tool_paramhlp: fix "enumerated type mixed with another type"
+  Closes #9487
 
-  Warning by icc
+- tool_operate: avoid a few #ifdefs for disabled-libcurl builds
 
-  Closes #9179
+  By providing empty macros in the header file instead, the code gets
+  easier to read and yet is disabled on demand.
 
-- tool_writeout: fix enumerated type mixed with another type
+  Closes #9486
 
-  Closes #9179
+a1346054 on github (13 Sep 2022)
 
-- tool_cfgable: make 'synthetic_error' a plain bool
+- scripts: use `grep -E` instead of `egrep`
 
-  The specific reason was not used.
+  egrep is deprecated
 
-  Closes #9179
+  Closes #9491
 
-- tool_paramhlp: make check_protocol return ParameterError
+Hayden Roche (13 Sep 2022)
 
-  "enumerated type mixed with another type"
+- wolfSSL: fix session management bug.
 
-  Closes #9179
+  Prior to this commit, non-persistent pointers were being used to store
+  sessions.  When a WOLFSSL object was then freed, that freed the session
+  it owned, and thus invalidated the pointer held in curl's cache. This
+  commit makes it so we get a persistent (deep copied) session pointer
+  that we then add to the cache.  Accordingly, wolfssl_session_free, which
+  was previously a no-op, now needs to actually call SSL_SESSION_free.
 
-- tool_formparse: fix variable may be used before its value is set
+  This bug was discovered by a wolfSSL customer.
 
-  Warning by icc
+  Closes #9492
 
-  Closes #9179
+Daniel Stenberg (13 Sep 2022)
 
-- sendf: skip storing HTTP headers if HTTP disabled
+- docs: use "WebSocket" in singular
 
-  Closes #9179
+  This is how the RFC calls the protocol. Also rename the file in docs/ to
+  WEBSOCKET.md in uppercase to match how we have done it for many other
+  protocol docs in similar fashion.
 
-- url: enumerated type mixed with another type
+  Add the WebSocket docs to the tarball.
 
-  Follow-up to 1c58e7ae99ce2030213f28b
+  Closes #9496
 
-  Closes #9179
+Marcel Raad (12 Sep 2022)
 
-- urldata: change second proxytype field to unsigned char to match
+- ws: fix build without `USE_WEBSOCKETS`
 
-  To avoid "enumerated type mixed with another type"
+  The curl.h include is required unconditionally.
 
-  Closes #9179
+- ws: add missing curl.h include
 
-- http: typecast the httpreq assignment to avoid icc compiler warning
+  A conflict between commits 664249d0952 and e5839f4ee70 broke the build.
 
-   error #188: enumerated type mixed with another type
+Daniel Stenberg (12 Sep 2022)
 
-  Closes #9179
+- ws: fix an infof() call to use %uz for size_t output
 
-- urldata: make state.httpreq an unsigned char
+  Detected by Coverity, CID 1514665.
 
-  To match set.method used for the same purpose.
+  Closes #9480
 
-  Closes #9179
+Marcel Raad (12 Sep 2022)
 
-- splay: avoid using -1 in unsigned variable
+- curl_setup: include only system.h instead of curl.h
 
-  To fix icc compiler warning integer conversion resulted in a change of sign
+  As done before commit 9506d01ee50.
 
-  Closes #9179
+  Ref: https://github.com/curl/curl/pull/9375#discussion_r957010158
+  Closes https://github.com/curl/curl/pull/9453
 
-- sendf: store the header type in an usigned char to avoid icc warnings
+- lib: add missing limits.h includes
 
-  Closes #9179
+  Closes https://github.com/curl/curl/pull/9453
 
-- multi: fix the return code from Curl_pgrsDone()
+- lib and tests: add missing curl.h includes
 
-  It does not return a CURLcode. Detected by the icc compiler warning
-  "enumerated type mixed with another type"
+  Closes https://github.com/curl/curl/pull/9453
 
-  Closes #9179
+- curl_setup: include curl.h after platform setup headers
 
-- sendf: make Curl_debug a void function
+  The platform setup headers might set definitions required for the
+  includes in curl.h.
 
-  As virtually no called checked the return code, and those that did
-  wrongly treated it as a CURLcode. Detected by the icc compiler warning:
-  enumerated type mixed with another type
+  Ref: https://github.com/curl/curl/pull/9375#discussion_r956998269
+  Closes https://github.com/curl/curl/pull/9453
 
-  Closes #9179
+Benjamin Loison (12 Sep 2022)
 
-- http_chunks: remove an assign + typecast
+- docs: correct missing uppercase in Markdown files
 
-  As it caused icc to complain: "pointer cast involving 64-bit pointed-to
-  type"
+  To detect these typos I used:
 
-  Closes #9179
+  ```
+  clear && grep -rn '\. [a-z]' . | uniq | grep -v '\. lib' | grep -v '[0-9]\. [
+  a-z]' | grep -v '\.\. [a-z]' | grep -v '\. curl' | grep -v 'e.g. [a-z]' | gre
+  p -v 'eg. [a-z]' | grep -v '\etc. [a-z]' | grep -v 'i.e\. [a-z]' | grep --col
+  or=always '\. [a-z]' | grep '\.md'
+  ```
 
-- vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
+  Closes #9474
 
-  To fix the icc warning enumerated type mixed with another type
+Daniel Stenberg (12 Sep 2022)
 
-  Closes #9179
+- tool_setopt: use better English in --libcurl source comments
 
-- curl-compilers.m4: make icc use -diag* options and disable two warnings
+  Like this:
 
-  -wd and -we are deprecated and are now -diag-disable and -diag-error
+    XYZ was set to an object pointer
+    ABC was set to a function pointer
 
-  Disable warning 1024 and 2259
+  Closes #9475
 
-  Closes #9179
+- setopt: make protocol2num use a curl_off_t for the protocol bit
 
-Matthew Thompson (23 Jul 2022)
+  ... since WSS does not fit within 32 bit.
 
-- GHA: add two Intel compiler CI jobs
+  Bug: https://github.com/curl/curl/pull/9467#issuecomment-1243014887
+  Closes #9476
 
-  Closes #9179
+- RELEASE-NOTES: synced
 
-Daniel Katz (21 Jul 2022)
+- configure: polish the grep -E message a bit further
 
-- curl-functions.m4: check whether atomics can link rather than just compile
+  Suggested-by: Emanuele Torre
+  Closes #9473
 
-  Some build toolchains support C11 atomics (i.e., _Atomic types), but
-  will not link the associated atomics runtime unless a flag is passed. In
-  such an environment, linking an application with libcurl.a can fail due
-  to undefined symbols for atomic load/store functions.
+- GHA: add a gcc-11 -O3 build using OpenSSL
 
-  I encountered this behavior when upgrading curl to 7.84.0 and attempting
-  to build with Solaris Studio 12.6. Solaris provides the flag
-  -xatomic=[gcc | studio], allowing users to link to one of two atomics
-  runtime implementations. However, if the user does not provide this
-  flag, then neither runtime is linked. This led to builds failing in CI.
+  Since -O3 might trigger other warnings
 
-  Closes #9190
+  Closes #9454
 
-Rosen Penev (20 Jul 2022)
+Patrick Monnerat (11 Sep 2022)
 
-- curl-wolfssl.m4: add options header when building test code
+- content_encoding: use writer struct subclasses for different encodings
 
-  Needed for certain configurations of wolfSSL. Otherwise, missing header
-  error may occur.
+  The variable-sized encoding-specific storage of a struct contenc_writer
+  currently relies on void * alignment that may be insufficient with
+  regards to the specific storage fields, although having not caused any
+  problems yet.
 
-  Tested with OpenWrt.
+  In addition, gcc 11.3 issues a warning on access to fields of partially
+  allocated structures that can occur when the specific storage size is 0:
 
-  Closes #9187
+    content_encoding.c: In function ‘Curl_build_unencoding_stack’:
+    content_encoding.c:980:21: warning: array subscript ‘struct contenc_write
+  r[0]’ is partly outside array bounds of ‘unsigned char[16]’ [-Warray-bo
+  unds]
+      980 |     writer->handler = handler;
+          |     ~~~~~~~~~~~~~~~~^~~~~~~~~
+    In file included from content_encoding.c:49:
+    memdebug.h:115:29: note: referencing an object of size 16 allocated by ‘c
+  url_dbg_calloc’
+      115 | #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__,
+   __FILE__)
+          |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+  ~~~~~~~~~~
+    content_encoding.c:977:60: note: in expansion of macro ‘calloc’
+      977 |   struct contenc_writer *writer = (struct contenc_writer *)calloc(1
+  , sz);
 
-Daniel Stenberg (20 Jul 2022)
+  To solve both these problems, the current commit replaces the
+  contenc_writer/params structure pairs by "subclasses" of struct
+  contenc_writer. These are structures that contain a contenc_writer at
+  offset 0. Proper field alignment is therefore handled by the compiler and
+  full structure allocation is performed, silencing the warnings.
 
-- ftp: use a correct expire ID for timer expiry
+  Closes #9455
 
-  This was an accurate error pointed out by the icc warning: enumerated
-  type mixed with another type
+Daniel Stenberg (11 Sep 2022)
 
-  Ref: #9179
-  Closes #9184
+- configure: correct the wording when checking grep -E
 
-- sendf: fix paused header writes since after the header API
+  The check first checks that grep -E works, and only as a fallback tries
+  to find and use egrep. egrep is deprecated.
 
-  Regression since d1e4a67
+  This change only corrects the output wording, not the checks themselves.
 
-  Reported-by: Sergey Ogryzkov
-  Fixes #9180
-  Closes #9182
+  Closes #9471
 
-- mprintf: fix *dyn_vprintf() when out-of-memory
+Viktor Szakats (10 Sep 2022)
 
-  Follow-up to 0e48ac1f99a. Torture-testing 1455 would lead to a memory
-  leak otherwise.
+- websockets: sync prototypes in docs with implementation [ci skip]
 
-  Closes #9185
+  Docs for the new send/recv functions synced with the committed versions
+  of these.
 
-- curl-confopts: remove leftover AC_REQUIREs
+  Closes #9470
 
-  configure.ac:3488: warning: CURL_CHECK_FUNC_IOCTL is m4_require'd but not m4_
-  defun'd
-  configure.ac:3488: warning: CURL_CHECK_FUNC_SETSOCKOPT is m4_require'd but no
-  t m4_defun'd
+Daniel Stenberg (10 Sep 2022)
 
-  follow-up from 4d73854462f30
+- setopt: make protocols2num() work with websockets
 
-  Closes #9183
+  So that CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR can
+  specify those as well.
 
-- file: fix icc enumerated type mixed with another type warning
+  Reported-by: Patrick Monnerat
+  Bug: https://curl.se/mail/lib-2022-09/0016.html
+  Closes #9467
 
-  Ref: #9179
-  Closes #9181
+- curl/websockets.h: remove leftover bad typedef
 
-Viktor Szakats (19 Jul 2022)
+  Just a leftover trace of a development thing that did not stay like
+  that.
 
-- tidy-up: delete unused build configuration macros
+  Reported-by: Marc Hörsken
+  Fixes #9465
+  Cloes #9466
 
-  Most of them feature guards:
-
-  - `CURL_INCLUDES_SYS_UIO` [1]
-  - `HAVE_ALLOCA_H` [2]
-  - `HAVE_CRYPTO_CLEANUP_ALL_EX_DATA` (unused since de71e68000c8624ea13f90b136f
-  8734dd0fb1bdc)
-  - `HAVE_DLFCN_H`
-  - `HAVE_DLOPEN`
-  - `HAVE_DOPRNT`
-  - `HAVE_FCNTL`
-  - `HAVE_GETHOSTBYNAME` [3]
-  - `HAVE_GETOPT_H`
-  - `HAVE_GETPASS`
-  - `HAVE_GETPROTOBYNAME`
-  - `HAVE_GETSERVBYNAME`
-  - `HAVE_IDN_FREE*`
-  - `HAVE_INET_ADDR`
-  - `HAVE_IOCTL`
-  - `HAVE_KRB4`
-  - `HAVE_KRB_GET_OUR_IP_FOR_REALM`
-  - `HAVE_KRB_H`
-  - `HAVE_LDAPSSL_H`
-  - `HAVE_LDAP_INIT_FD`
-  - `HAVE_LIBDL`
-  - `HAVE_LIBNSL`
-  - `HAVE_LIBRESOLV*`
-  - `HAVE_LIBUCB`
-  - `HAVE_LL`
-  - `HAVE_LOCALTIME_R`
-  - `HAVE_MALLOC_H`
-  - `HAVE_MEMCPY`
-  - `HAVE_MEMORY_H`
-  - `HAVE_NETINET_IF_ETHER_H`
-  - `HAVE_NI_WITHSCOPEID`
-  - `HAVE_OPENSSL_CRYPTO_H`
-  - `HAVE_OPENSSL_ERR_H`
-  - `HAVE_OPENSSL_PEM_H`
-  - `HAVE_OPENSSL_PKCS12_H`
-  - `HAVE_OPENSSL_RAND_H`
-  - `HAVE_OPENSSL_RSA_H`
-  - `HAVE_OPENSSL_SSL_H`
-  - `HAVE_OPENSSL_X509_H`
-  - `HAVE_PEM_H`
-  - `HAVE_POLL`
-  - `HAVE_RAND_SCREEN`
-  - `HAVE_RAND_STATUS`
-  - `HAVE_RECVFROM`
-  - `HAVE_SETSOCKOPT`
-  - `HAVE_SETVBUF`
-  - `HAVE_SIZEOF_LONG_DOUBLE`
-  - `HAVE_SOCKIO_H`
-  - `HAVE_SOCK_OPTS`
-  - `HAVE_STDIO_H`
-  - `HAVE_STRCASESTR`
-  - `HAVE_STRFTIME`
-  - `HAVE_STRLCAT`
-  - `HAVE_STRNCMPI`
-  - `HAVE_STRNICMP`
-  - `HAVE_STRSTR`
-  - `HAVE_STRUCT_IN6_ADDR`
-  - `HAVE_TLD_H`
-  - `HAVE_TLD_STRERROR`
-  - `HAVE_UNAME`
-  - `HAVE_USLEEP`
-  - `HAVE_WINBER_H`
-  - `HAVE_WRITEV`
-  - `HAVE_X509_H`
-  - `LT_OBJDIR`
-  - `NEED_BASENAME_PROTO`
-  - `NOT_NEED_LIBNSL`
-  - `OPENSSL_NO_KRB5`
-  - `RECVFROM_TYPE*`
-  - `SIZEOF_LONG_DOUBLE`
-  - `STRERROR_R_TYPE_ARG3`
-  - `USE_YASSLEMUL`
-  - `_USRDLL` (from CMake) [4]
-
-  [1] Related parts in `m4/curl-functions.m4` and `configure.ac` might
-      also be deleted.
-
-  [2] Related comment can possibly be deleted in
-      `packages/vms/generate_config_vms_h_curl.com`.
-
-  [3] There are more instances of this in autotools, but I did not dare to
-      touch those. Looked like it's used to detect socket support.
-
-  [4] This is necessary for MFC (Microsoft Foundation Class) DLLs to
-      force linking MFC components statically to the DLL. `libcurl.dll`
-      does not use MFC, so we can delete this define.
-      Ref: https://docs.microsoft.com/cpp/build/regular-dlls-statically-linked-
-  to-mfc
-
-  Script that can help finding unused settings like above:
-  ```shell
-
-  autoheader configure.ac  # generate lib/curl_config.h.in
-
-  {
-    grep -o -E    'set\([A-Z][A-Z0-9_]{3,}'          CMake/Platforms/WindowsCac
-  he.cmake | sed -E 's|set\(||g'
-    grep -o -E -h '#define +[A-Z][A-Z0-9_]{3,}'      lib/config-*.h            
-           | sed -E 's|#define +||g'
-    grep -o -E    '#cmakedefine +[A-Z][A-Z0-9_]{3,}' lib/curl_config.h.cmake   
-           | sed -E 's|#cmakedefine +||g'
-    grep -o -E    '#undef +[A-Z][A-Z0-9_]{3,}'       lib/curl_config.h.in      
-           | sed -E 's|#undef +||g'
-  } | sort -u | grep -v -F 'HEADER_CURL_' | while read -r def; do
-    c="$(git grep -w -F "${def}" | grep -v -E -c '(/libcurl\.tmpl|^lib/config-|
-  ^lib/curl_config\.h\.cmake|^CMakeLists\.txt|^CMake/Platforms/WindowsCache\.cm
-  ake|^packages/vms/config_h\.com|^m4/curl-functions\.m4|^acinclude\.m4|^config
-  ure\.ac)')"
-    if [ "${c}" = '0' ]; then
-      echo "${def}"
-    fi
-  done
-  ```
+Orgad Shaneh (10 Sep 2022)
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9044
+- fix Cygwin/MSYS compilation
 
-Daniel Stenberg (19 Jul 2022)
+  _getpid is Windows API. On Cygwin variants it should remain getpid.
 
-- RELEASE-NOTES: synced
+  Fixes #8220
+  Closes #9255
 
-- cookie: treat a blank domain in Set-Cookie: as non-existing
+Marc Hoersken (10 Sep 2022)
 
-  This matches what RFC 6265 section 5.2.3 says.
+- GHA: prepare workflow merge by aligning structure again
 
-  Extended test 31 to verify.
+  Closes #9413
 
-  Fixes #9164
-  Reported-by: Gwen Shapira
-  Closes #9177
+Daniel Stenberg (9 Sep 2022)
 
-Patrick Monnerat (19 Jul 2022)
+- docs: the websockets symbols are added in 7.86.0
 
-- base64: base64url encoding has no padding
+  Nothing else
 
-  See RFC4648 section 5 and RFC7540 section 3.2.1.
+  Closes #9459
 
-  Suppress generation of '=' padding of base64url encoding. This is
-  accomplished by considering the string beginning at offset 64 in the
-  character table as the padding: this is "=" for base64, "" for base64url.
+- tests/libtest/Makefile.inc: fixup merge conflict mistake
 
-  Also use strchr() to replace character search loops where possible.
+- EXPERIMENTAL.md: add WebSockets
 
-  Suppress erroneous comments about empty encoding results.
+- appveyor: enable websockets
 
-  Adjust unit test 1302 to unpadded base64url encoding and add tests for
-  empty results.
+- cirrus: enable websockets in the windows builds
 
-  Closes #9139
+- GHA: add websockets to macos, openssl3 and hyper builds
 
-Daniel Stenberg (19 Jul 2022)
+- tests: add websockets tests
 
-- easyoptions: fix icc warning
+   - add websockets support to sws
+   - 2300: first very basic websockets test
+   - 2301: first libcurl test for ws (not working yet)
+   - 2302: use the ws callback
+   - 2303: test refused upgrade
 
-      easyoptions.c(360): error #188: enumerated type mixed with another type
+- curl_ws_meta: initial implementation
 
-  Ref: #9156
-  Reported-by: Matthew Thompson
-  Closes #9176
+- curl_ws_meta.3: added docs
 
-lwthiker (19 Jul 2022)
+- ws: initial websockets support
 
-- h2h3: fix overriding the 'TE: Trailers' header
+  Closes #8995
 
-  A 'TE: Trailers' header is explicitly replaced by 'te: trailers'
-  (lowercase) in Curl_pseudo_headers() when building the list of HTTP/2 or
-  HTTP/3 headers. However, this is then replaced again by the original
-  value due to a bug, resulting in the uppercased version being sent. Some
-  HTTP/2 servers reject the whole HTTP/2 stream when this is the case.
+- version: add ws + wss
 
-  Closes #9170
+- libtest/lib1560: test basic websocket URL parsing
 
-Daniel Stenberg (18 Jul 2022)
+- configure: add --enable-websockets
 
-- lib3026: reduce the number of threads to 100
+- docs/WebSockets.md: docs
 
-  Down from 1000, to make it run and work in more systems.
+- test415: verify Content-Length parser with control code + negative value
 
-  Fixes #9172
-  Reported-by: Érico Nogueira Rolim
-  Closes #9173
+- strtoofft: after space, there cannot be a control code
 
-- doh: move doh related struct definitions to doh.h
+  With the change from ISSPACE() to ISBLANK() this function no longer
+  deals with (ignores) control codes the same way, which could lead to
+  this function returning unexpected values like in the case of
+  "Content-Length: \r-12354".
 
-  and make 'dnstype' in 'struct dnsprobe' use the DNStype to fix the icc compil
-  er warning:
+  Follow-up to 6f9fb7ec2d7cb389a0da5
 
-    doh.c(924): error #188: enumerated type mixed with another type
+  Detected by OSS-fuzz
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
+  Assisted-by: Max Dymond
+  Closes #9458
 
-  Reported-by: Matthew Thompson
-  Ref #9156
-  Closes #9174
+- headers: reset the requests counter at transfer start
 
-Viktor Szakats (17 Jul 2022)
+  If not, reusing an easy handle to do a subsequent transfer would
+  continue the counter from the previous invoke, which then would make use
+  of the header API difficult/impossible as the request counter
+  mismatched.
 
-- Makefile.m32: stop trying to build libcares.a [ci skip]
+  Add libtest 1947 to verify.
 
-  Before this patch, `lib/Makefile.m32` had a rule to build `libcares.a` in
-  `-cares`-enabled builds, via c-ares's own `Makefile.m32`. Committed in
-  2007 [1]. The commit message doesn't specifically address this particular
-  change. This logic comes from the times when c-ares was part of the curl
-  source tree, hence the special treatment.
+  Reported-by: Andrew Lambert
+  Fixes #9424
+  Closes #9447
 
-  This feature creates problems when building c-ares first, using CMake
-  and pointing `LIBCARES_PATH` to its install prefix, where `Makefile.m32`
-  is missing in such case. A sub-build for c-ares is undesired also when
-  c-ares had already been build via its own `Makefile.m32`.
+Jay Satiro (8 Sep 2022)
 
-  To avoid the sub-build, this patch deletes its Makefile rule. After this
-  patch `libcares.a` needs to be manually built before using it in
-  `Makefile.m32`. Aligning it with the rest of dependencies.
+- header: define public API functions as extern c
 
-  [1] 46c92c0b806da041d7a5c6fb64dbcdc474d99b31
+  Prior to this change linker errors would occur if curl_easy_header or
+  curl_easy_nextheader was called from a C++ unit.
 
-  Reviewed-by: Daniel Stenberg
-  Closes #9169
+  Bug: https://github.com/curl/curl/issues/9424#issuecomment-1238818007
+  Reported-by: Andrew Lambert
 
-Daniel Stenberg (17 Jul 2022)
+  Closes https://github.com/curl/curl/pull/9446
 
-- curl: writeout: fix repeated header outputs
+Daniel Stenberg (8 Sep 2022)
 
-  The function stored a terminating zero into the buffer for convenience,
-  but when on repeated calls that would cause problems. Starting now, the
-  passed in buffer is not modified.
+- http2: make nghttp2 less picky about field whitespace
 
-  Reported-by: highmtworks on github
-  Fixes #9150
-  Closes #9152
+  In nghttp2 1.49.0 it returns error on leading and trailing whitespace in
+  header fields according to language in the recently shipped RFC 9113.
 
-- curl_multi_timeout.3: clarify usage
+  nghttp2 1.50.0 introduces an option to switch off this strict check and
+  this change enables this option by default which should make curl behave
+  more similar to how it did with nghttp2 1.48.0 and earlier.
 
-  Fixes #9155
-  Closes #9157
-  Reported-by: jvvprasad78 on github
+  We might want to consider making this an option in the future.
 
-- mprintf: make dprintf_formatf never return negative
+  Closes #9448
 
-  This function no longer returns a negative value if the formatting
-  string is bad since the return value would sometimes be propagated as a
-  return code from the mprintf* functions and they are documented to
-  return the length of the output. Which cannot be negative.
+- RELEASE-NOTES: synced
 
-  Fixes #9149
-  Closes #9151
-  Reported-by: yiyuaner on github
+  And bump to 7.86.0 for the pending next release
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index 5f2b7f729e..699eebabfc 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -333,6 +333,7 @@ Bob Schader
 bobmitchell1956 on github
 Bodo Bergmann
 Bogdan Nicula
+Boris Okunskiy
 Boris Rasin
 Boris Verkhovskiy
 Brad Burdick
@@ -526,7 +527,6 @@ Dan Becker
 Dan Cristian
 Dan Donahue
 Dan Fandrich
-Dan Jacobson
 Dan Johnson
 Dan Kenigsberg
 Dan Locks
@@ -842,6 +842,7 @@ Feng Tu
 Fernando Muñoz
 Filip Lundgren
 Filip Salomonsson
+finkjsc on github
 Firefox OS
 Flameborn on github
 Flavio Medeiros
@@ -957,6 +958,7 @@ Gregory Panakkal
 Gregory Szorc
 Griffin Downs
 Grigory Entin
+Grisha Levit
 Guenole Bescon
 Guido Berhoerster
 Guillaume Arluison
@@ -1059,6 +1061,7 @@ Ilguiz Latypov
 Ilja van Sprundel
 Illarion Taev
 illusory-dream on github
+Ilmari Lauhakangas
 Ilya Kosarev
 imilli on github
 Immanuel Gregoire
@@ -1086,6 +1089,7 @@ J. Bromley
 Jack Boos Yu
 Jack Zhang
 Jackarain on github
+JackBoosY on github
 Jacky Lam
 Jacob Barthelmeh
 Jacob Hoffman-Andrews
@@ -1122,6 +1126,7 @@ Jamie Wilkinson
 Jan Alexander Steffens
 Jan Chren
 Jan Ehrhardt
+Jan Engelhardt
 Jan Koen Annot
 Jan Kunder
 Jan Mazur
@@ -1178,6 +1183,7 @@ Jeff Weber
 Jeffrey Tolar
 Jeffrey Walton
 jeffrson on github
+Jelle van der Waa
 Jenny Heino
 Jens Finkhaeuser
 Jens Rantil
@@ -1197,6 +1203,7 @@ Jeroen Ooms
 Jerome Mao
 Jerome Muffat-Meridol
 Jerome Robert
+Jerome St-Louis
 Jerome Vouillon
 Jerry Krinock
 Jerry Wu
@@ -1365,6 +1372,7 @@ jvreelanda on github
 jvvprasad78 on github
 jzinn on github
 János Fekete
+Jérémy Rabasco
 Jérémy Rocher
 Jörg Mueller-Tolk
 Jörn Hartroth
@@ -1393,6 +1401,7 @@ Kaspar Brand
 Katie Wang
 Katsuhiko YOSHIDA
 Kazuho Oku
+kchow-FTNT on github
 Kees Cook
 Kees Dekker
 Keitagit-kun on github
@@ -1562,6 +1571,7 @@ lwthiker on github
 Lyman Epp
 Lyndon Hill
 M.R.T on github
+Maciej Domanski
 Maciej Karpiuk
 Maciej Puzio
 Maciej W. Rozycki
@@ -1635,6 +1645,7 @@ Markus Olsson
 Markus Westerlind
 Maros Priputen
 Marquis de Muesli
+marski on github
 Martijn Koster
 Martin Ankerl
 Martin Bašti
@@ -1669,6 +1680,7 @@ masbug on github
 Massimiliano Fantuzzi
 Massimiliano Ziccardi
 Massimo Callegari
+Master Inspire
 MasterInQuestion on github
 Mateusz Loskot
 Mathias Axelsson
@@ -1681,6 +1693,7 @@ Mats Lindestam
 Matt Arsenault
 Matt Ford
 Matt Holt
+Matt Jolly
 Matt Kraai
 Matt McClure
 Matt Veenstra
@@ -1940,6 +1953,7 @@ Olivier Brunel
 Omar Ramadan
 omau on github
 opensignature on github
+opensslonzos-github on github
 Orange Tsai
 Oren Souroujon
 Oren Tirosh
@@ -2068,6 +2082,7 @@ Philip Heiduck
 Philip Langdale
 Philip Prindeville
 Philip Sanetra
+Philipp Engel
 Philipp Klaus Krause
 Philipp Waehnert
 Philippe Hameau
@@ -2283,6 +2298,7 @@ Ruslan Gazizov
 Rutger Hofman
 Ruurd Beerstra
 RuurdBeerstra on github
+rwmjones on github
 Ryan Beck-Buysse
 Ryan Braud
 Ryan Chan
@@ -2315,6 +2331,7 @@ Samuel Marks
 Samuel Surtees
 Samuel Thibault
 Samuel Tranchet
+SandakovMM on github
 Sander Gates
 Sandor Feldi
 Sandro Jaeckel
@@ -2347,12 +2364,15 @@ Sebastian Mundry
 Sebastian Pohlschmidt
 Sebastian Rasmussen
 Sebastian Sterk
+SendSonS on github
 Senthil Raja Velu
 Sergei Kuzmin
 Sergei Nikulov
 Sergey Bronnikov
+Sergey Fionov
 Sergey Markelov
 Sergey Ogryzkov
+Sergey Ryabinin
 Sergey Tatarincev
 Sergii Kavunenko
 Sergii Pylypenko
@@ -2360,6 +2380,7 @@ Sergio Ballestrero
 Sergio Barresi
 Sergio Borghese
 Sergio Durigan Junior
+Sergio Mijatovic
 Sergio-IME on github
 sergio-nsk on github
 Serj Kalichev
@@ -2822,4 +2843,4 @@ zzq1015 on github
 不确定
 加藤郁之
 梦终无痕
-
+積丹尼 Dan Jacobson
diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h
index 556a88deeb..0ec7223141 100644
--- a/libs/libcurl/include/curl/curl.h
+++ b/libs/libcurl/include/curl/curl.h
@@ -34,11 +34,12 @@
 #endif
 
 /* Compile-time deprecation macros. */
-#if defined(__GNUC__) && (__GNUC__ >= 6) &&                             \
+#if defined(__GNUC__) &&                                                \
+  ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1 ))) &&  \
   !defined(__INTEL_COMPILER) &&                                         \
   !defined(CURL_DISABLE_DEPRECATION) && !defined(BUILDING_LIBCURL)
-#define CURL_DEPRECATED(version, message) \
-    __attribute__((deprecated("since " # version ". " message)))
+#define CURL_DEPRECATED(version, message)                       \
+  __attribute__((deprecated("since " # version ". " message)))
 #define CURL_IGNORE_DEPRECATION(statements) \
       _Pragma("GCC diagnostic push") \
       _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") \
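Review bot: The new guard `(__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1 ))` has no comment explaining why the floor moved from GCC 6 to 12.1, so applications built with GCC 6 through 12.0 silently stop getting `CURL_DEPRECATED` warnings for retired libcurl APIs. I would add a line above the `#if` such as `/* deprecation attributes are only enabled for gcc >= 12.1; older compilers get no warnings */`, and state the actual reason if it is known. The reason is presumably a problem with the `_Pragma`-based `CURL_IGNORE_DEPRECATION` on older GCC, but nothing in this hunk confirms that. The stray space in `>= 1 ))` can be dropped at the same time. The `#if` block continues past the end of the hunk, so the fallback definitions for other compilers are not shown here.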
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h
index d2f6d8e293..ac29eb51c7 100644
--- a/libs/libcurl/include/curl/curlver.h
+++ b/libs/libcurl/include/curl/curlver.h
@@ -32,12 +32,12 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.88.1"
+#define LIBCURL_VERSION "8.0.1"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
-#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 88
+#define LIBCURL_VERSION_MAJOR 8
+#define LIBCURL_VERSION_MINOR 0
 #define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
@@ -59,7 +59,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x075801
+#define LIBCURL_VERSION_NUM 0x080001
 
 /*
  * This is the date and time when the full source package was created. The
@@ -70,7 +70,7 @@
  *
  * "2007-11-23"
  */
-#define LIBCURL_TIMESTAMP "2023-02-20"
+#define LIBCURL_TIMESTAMP "2023-03-20"
 
 #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
 #define CURL_AT_LEAST_VERSION(x,y,z) \
diff --git a/libs/libcurl/include/curl/urlapi.h b/libs/libcurl/include/curl/urlapi.h
index a65e7f4692..2440c1affc 100644
--- a/libs/libcurl/include/curl/urlapi.h
+++ b/libs/libcurl/include/curl/urlapi.h
@@ -117,14 +117,14 @@ CURL_EXTERN void curl_url_cleanup(CURLU *handle);
  * curl_url_dup() duplicates a CURLU handle and returns a new copy. The new
  * handle must also be freed with curl_url_cleanup().
  */
-CURL_EXTERN CURLU *curl_url_dup(CURLU *in);
+CURL_EXTERN CURLU *curl_url_dup(const CURLU *in);
 
 /*
  * curl_url_get() extracts a specific part of the URL from a CURLU
  * handle. Returns error code. The returned pointer MUST be freed with
  * curl_free() afterwards.
  */
-CURL_EXTERN CURLUcode curl_url_get(CURLU *handle, CURLUPart what,
+CURL_EXTERN CURLUcode curl_url_get(const CURLU *handle, CURLUPart what,
                                    char **part, unsigned int flags);
 
 /*
diff --git a/libs/libcurl/libcurl.vcxproj b/libs/libcurl/libcurl.vcxproj
index af5e41c6ca..42e3a7cd03 100644
--- a/libs/libcurl/libcurl.vcxproj
+++ b/libs/libcurl/libcurl.vcxproj
@@ -47,7 +47,7 @@
     <ClCompile Include="src\c-hyper.c">
       <PrecompiledHeader>NotUsing</PrecompiledHeader>
     </ClCompile>
-    <ClCompile Include="src\cf-http.c">
+    <ClCompile Include="src\cf-https-connect.c">
       <PrecompiledHeader>NotUsing</PrecompiledHeader>
     </ClCompile>
     <ClCompile Include="src\cf-socket.c">
@@ -461,9 +461,6 @@
     <ClCompile Include="src\warnless.c">
       <PrecompiledHeader>NotUsing</PrecompiledHeader>
     </ClCompile>
-    <ClCompile Include="src\wildcard.c">
-      <PrecompiledHeader>NotUsing</PrecompiledHeader>
-    </ClCompile>
     <ClCompile Include="src\ws.c">
       <PrecompiledHeader>NotUsing</PrecompiledHeader>
     </ClCompile>
@@ -473,7 +470,7 @@
     <ClInclude Include="src\asyn.h" />
     <ClInclude Include="src\bufref.h" />
     <ClInclude Include="src\c-hyper.h" />
-    <ClInclude Include="src\cf-http.h" />
+    <ClInclude Include="src\cf-https-connect.h" />
     <ClInclude Include="src\cf-socket.h" />
     <ClInclude Include="src\cfilters.h" />
     <ClInclude Include="src\config-amigaos.h" />
@@ -608,7 +605,6 @@
     <ClInclude Include="src\vquic\vquic.h" />
     <ClInclude Include="src\vquic\vquic_int.h" />
     <ClInclude Include="src\warnless.h" />
-    <ClInclude Include="src\wildcard.h" />
     <ClInclude Include="src\ws.h" />
   </ItemGroup>
   <ItemGroup>
diff --git a/libs/libcurl/libcurl.vcxproj.filters b/libs/libcurl/libcurl.vcxproj.filters
index 46bd409df3..c73c53cb99 100644
--- a/libs/libcurl/libcurl.vcxproj.filters
+++ b/libs/libcurl/libcurl.vcxproj.filters
@@ -23,7 +23,7 @@
     <ClCompile Include="src\c-hyper.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="src\cf-http.c">
+    <ClCompile Include="src\cf-https-connect.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="src\cf-socket.c">
@@ -431,9 +431,6 @@
     <ClCompile Include="src\warnless.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="src\wildcard.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="src\strcase.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -496,7 +493,7 @@
     <ClInclude Include="src\c-hyper.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="src\cf-http.h">
+    <ClInclude Include="src\cf-https-connect.h">
       <Filter>Header Files</Filter>
     </ClInclude>
     <ClInclude Include="src\cf-socket.h">
@@ -901,9 +898,6 @@
     <ClInclude Include="src\warnless.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="src\wildcard.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="src\ws.h">
       <Filter>Header Files</Filter>
     </ClInclude>
diff --git a/libs/libcurl/src/CMakeLists.txt b/libs/libcurl/src/CMakeLists.txt
index f2968e708d..d37499846a 100644
--- a/libs/libcurl/src/CMakeLists.txt
+++ b/libs/libcurl/src/CMakeLists.txt
@@ -47,29 +47,6 @@ if(WIN32 AND NOT CURL_STATICLIB)
   list(APPEND CSOURCES libcurl.rc)
 endif()
 
-# SET(CSOURCES
-# #  memdebug.c -not used
-# # nwlib.c - Not used
-# # strtok.c - specify later
-# # strtoofft.c - specify later
-# )
-
-# #OPTION(CURL_MALLOC_DEBUG "Debug mallocs in Curl" OFF)
-# MARK_AS_ADVANCED(CURL_MALLOC_DEBUG)
-# IF(CURL_MALLOC_DEBUG)
-# SET(CSOURCES ${CSOURCES}
-# memdebug.c
-# )
-# ENDIF(CURL_MALLOC_DEBUG)
-
-# # only build compat strtoofft if we need to
-# IF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
-# SET(CSOURCES ${CSOURCES}
-# strtoofft.c
-# )
-# ENDIF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
-
-
 # The rest of the build
 
 include_directories(${CMAKE_CURRENT_BINARY_DIR}/../include)
diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in
index d86dc19d04..f1144ae9c3 100644
--- a/libs/libcurl/src/Makefile.in
+++ b/libs/libcurl/src/Makefile.in
@@ -212,7 +212,7 @@ am__installdirs = "$(DESTDIR)$(libdir)"
 LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
 libcurl_la_LIBADD =
 am__libcurl_la_SOURCES_DIST = altsvc.c amigaos.c asyn-ares.c \
-	asyn-thread.c base64.c bufref.c c-hyper.c cf-http.c \
+	asyn-thread.c base64.c bufref.c c-hyper.c cf-https-connect.c \
 	cf-socket.c cfilters.c conncache.c connect.c \
 	content_encoding.c cookie.c curl_addrinfo.c curl_des.c \
 	curl_endian.c curl_fnmatch.c curl_get_line.c \
@@ -234,43 +234,44 @@ am__libcurl_la_SOURCES_DIST = altsvc.c amigaos.c asyn-ares.c \
 	speedcheck.c splay.c strcase.c strdup.c strerror.c strtok.c \
 	strtoofft.c system_win32.c telnet.c tftp.c timediff.c \
 	timeval.c transfer.c url.c urlapi.c version.c version_win32.c \
-	warnless.c wildcard.c ws.c vauth/cleartext.c vauth/cram.c \
-	vauth/digest.c vauth/digest_sspi.c vauth/gsasl.c \
-	vauth/krb5_gssapi.c vauth/krb5_sspi.c vauth/ntlm.c \
-	vauth/ntlm_sspi.c vauth/oauth2.c vauth/spnego_gssapi.c \
-	vauth/spnego_sspi.c vauth/vauth.c vtls/bearssl.c vtls/gskit.c \
-	vtls/gtls.c vtls/hostcheck.c vtls/keylog.c vtls/mbedtls.c \
+	warnless.c ws.c vauth/cleartext.c vauth/cram.c vauth/digest.c \
+	vauth/digest_sspi.c vauth/gsasl.c vauth/krb5_gssapi.c \
+	vauth/krb5_sspi.c vauth/ntlm.c vauth/ntlm_sspi.c \
+	vauth/oauth2.c vauth/spnego_gssapi.c vauth/spnego_sspi.c \
+	vauth/vauth.c vtls/bearssl.c vtls/gskit.c vtls/gtls.c \
+	vtls/hostcheck.c vtls/keylog.c vtls/mbedtls.c \
 	vtls/mbedtls_threadlock.c vtls/nss.c vtls/openssl.c \
 	vtls/rustls.c vtls/schannel.c vtls/schannel_verify.c \
 	vtls/sectransp.c vtls/vtls.c vtls/wolfssl.c vtls/x509asn1.c \
 	vquic/curl_msh3.c vquic/curl_ngtcp2.c vquic/curl_quiche.c \
 	vquic/vquic.c vssh/libssh.c vssh/libssh2.c vssh/wolfssh.c \
 	altsvc.h amigaos.h arpa_telnet.h asyn.h bufref.h c-hyper.h \
-	cf-http.h cf-socket.h cfilters.h conncache.h connect.h \
-	content_encoding.h cookie.h curl_addrinfo.h curl_base64.h \
-	curl_ctype.h curl_des.h curl_endian.h curl_fnmatch.h \
-	curl_get_line.h curl_gethostname.h curl_gssapi.h curl_hmac.h \
-	curl_krb5.h curl_ldap.h curl_log.h curl_md4.h curl_md5.h \
-	curl_memory.h curl_memrchr.h curl_multibyte.h curl_ntlm_core.h \
-	curl_ntlm_wb.h curl_path.h curl_printf.h curl_range.h \
-	curl_rtmp.h curl_sasl.h curl_setup.h curl_setup_once.h \
-	curl_sha256.h curl_sspi.h curl_threads.h curlx.h dict.h doh.h \
-	dynbuf.h easy_lock.h easyif.h easyoptions.h escape.h file.h \
-	fileinfo.h fopen.h formdata.h functypes.h ftp.h \
-	ftplistparser.h getinfo.h gopher.h h2h3.h hash.h headers.h \
-	hostip.h hsts.h http.h http2.h http_chunks.h http_digest.h \
-	http_negotiate.h http_ntlm.h http_proxy.h http_aws_sigv4.h \
-	idn.h if2ip.h imap.h inet_ntop.h inet_pton.h llist.h \
-	memdebug.h mime.h mqtt.h multihandle.h multiif.h netrc.h \
-	nonblock.h noproxy.h parsedate.h pingpong.h pop3.h progress.h \
-	psl.h rand.h rename.h rtsp.h select.h sendf.h setopt.h \
-	setup-vms.h share.h sigpipe.h slist.h smb.h smtp.h sockaddr.h \
-	socketpair.h socks.h speedcheck.h splay.h strcase.h strdup.h \
-	strerror.h strtok.h strtoofft.h system_win32.h telnet.h tftp.h \
-	timediff.h timeval.h transfer.h url.h urlapi-int.h urldata.h \
-	version_win32.h warnless.h wildcard.h ws.h vauth/digest.h \
-	vauth/ntlm.h vauth/vauth.h vtls/bearssl.h vtls/gskit.h \
-	vtls/gtls.h vtls/hostcheck.h vtls/keylog.h vtls/mbedtls.h \
+	cf-https-connect.h cf-socket.h cfilters.h conncache.h \
+	connect.h content_encoding.h cookie.h curl_addrinfo.h \
+	curl_base64.h curl_ctype.h curl_des.h curl_endian.h \
+	curl_fnmatch.h curl_get_line.h curl_gethostname.h \
+	curl_gssapi.h curl_hmac.h curl_krb5.h curl_ldap.h curl_log.h \
+	curl_md4.h curl_md5.h curl_memory.h curl_memrchr.h \
+	curl_multibyte.h curl_ntlm_core.h curl_ntlm_wb.h curl_path.h \
+	curl_printf.h curl_range.h curl_rtmp.h curl_sasl.h \
+	curl_setup.h curl_setup_once.h curl_sha256.h curl_sspi.h \
+	curl_threads.h curlx.h dict.h doh.h dynbuf.h easy_lock.h \
+	easyif.h easyoptions.h escape.h file.h fileinfo.h fopen.h \
+	formdata.h functypes.h ftp.h ftplistparser.h getinfo.h \
+	gopher.h h2h3.h hash.h headers.h hostip.h hsts.h http.h \
+	http2.h http_chunks.h http_digest.h http_negotiate.h \
+	http_ntlm.h http_proxy.h http_aws_sigv4.h idn.h if2ip.h imap.h \
+	inet_ntop.h inet_pton.h llist.h memdebug.h mime.h mqtt.h \
+	multihandle.h multiif.h netrc.h nonblock.h noproxy.h \
+	parsedate.h pingpong.h pop3.h progress.h psl.h rand.h rename.h \
+	rtsp.h select.h sendf.h setopt.h setup-vms.h share.h sigpipe.h \
+	slist.h smb.h smtp.h sockaddr.h socketpair.h socks.h \
+	speedcheck.h splay.h strcase.h strdup.h strerror.h strtok.h \
+	strtoofft.h system_win32.h telnet.h tftp.h timediff.h \
+	timeval.h transfer.h url.h urlapi-int.h urldata.h \
+	version_win32.h warnless.h ws.h vauth/digest.h vauth/ntlm.h \
+	vauth/vauth.h vtls/bearssl.h vtls/gskit.h vtls/gtls.h \
+	vtls/hostcheck.h vtls/keylog.h vtls/mbedtls.h \
 	vtls/mbedtls_threadlock.h vtls/nssg.h vtls/openssl.h \
 	vtls/rustls.h vtls/schannel.h vtls/sectransp.h vtls/vtls.h \
 	vtls/vtls_int.h vtls/wolfssl.h vtls/x509asn1.h \
@@ -279,7 +280,7 @@ am__libcurl_la_SOURCES_DIST = altsvc.c amigaos.c asyn-ares.c \
 am__objects_1 = libcurl_la-altsvc.lo libcurl_la-amigaos.lo \
 	libcurl_la-asyn-ares.lo libcurl_la-asyn-thread.lo \
 	libcurl_la-base64.lo libcurl_la-bufref.lo \
-	libcurl_la-c-hyper.lo libcurl_la-cf-http.lo \
+	libcurl_la-c-hyper.lo libcurl_la-cf-https-connect.lo \
 	libcurl_la-cf-socket.lo libcurl_la-cfilters.lo \
 	libcurl_la-conncache.lo libcurl_la-connect.lo \
 	libcurl_la-content_encoding.lo libcurl_la-cookie.lo \
@@ -329,7 +330,7 @@ am__objects_1 = libcurl_la-altsvc.lo libcurl_la-amigaos.lo \
 	libcurl_la-timeval.lo libcurl_la-transfer.lo libcurl_la-url.lo \
 	libcurl_la-urlapi.lo libcurl_la-version.lo \
 	libcurl_la-version_win32.lo libcurl_la-warnless.lo \
-	libcurl_la-wildcard.lo libcurl_la-ws.lo
+	libcurl_la-ws.lo
 am__dirstamp = $(am__leading_dot)dirstamp
 am__objects_2 = vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \
 	vauth/libcurl_la-digest.lo vauth/libcurl_la-digest_sspi.lo \
@@ -372,7 +373,7 @@ libcurlu_la_LIBADD =
 am__objects_11 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \
 	libcurlu_la-asyn-ares.lo libcurlu_la-asyn-thread.lo \
 	libcurlu_la-base64.lo libcurlu_la-bufref.lo \
-	libcurlu_la-c-hyper.lo libcurlu_la-cf-http.lo \
+	libcurlu_la-c-hyper.lo libcurlu_la-cf-https-connect.lo \
 	libcurlu_la-cf-socket.lo libcurlu_la-cfilters.lo \
 	libcurlu_la-conncache.lo libcurlu_la-connect.lo \
 	libcurlu_la-content_encoding.lo libcurlu_la-cookie.lo \
@@ -426,8 +427,7 @@ am__objects_11 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \
 	libcurlu_la-timeval.lo libcurlu_la-transfer.lo \
 	libcurlu_la-url.lo libcurlu_la-urlapi.lo \
 	libcurlu_la-version.lo libcurlu_la-version_win32.lo \
-	libcurlu_la-warnless.lo libcurlu_la-wildcard.lo \
-	libcurlu_la-ws.lo
+	libcurlu_la-warnless.lo libcurlu_la-ws.lo
 am__objects_12 = vauth/libcurlu_la-cleartext.lo \
 	vauth/libcurlu_la-cram.lo vauth/libcurlu_la-digest.lo \
 	vauth/libcurlu_la-digest_sspi.lo vauth/libcurlu_la-gsasl.lo \
@@ -480,7 +480,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurl_la-base64.Plo \
 	./$(DEPDIR)/libcurl_la-bufref.Plo \
 	./$(DEPDIR)/libcurl_la-c-hyper.Plo \
-	./$(DEPDIR)/libcurl_la-cf-http.Plo \
+	./$(DEPDIR)/libcurl_la-cf-https-connect.Plo \
 	./$(DEPDIR)/libcurl_la-cf-socket.Plo \
 	./$(DEPDIR)/libcurl_la-cfilters.Plo \
 	./$(DEPDIR)/libcurl_la-conncache.Plo \
@@ -592,7 +592,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurl_la-version.Plo \
 	./$(DEPDIR)/libcurl_la-version_win32.Plo \
 	./$(DEPDIR)/libcurl_la-warnless.Plo \
-	./$(DEPDIR)/libcurl_la-wildcard.Plo \
 	./$(DEPDIR)/libcurl_la-ws.Plo \
 	./$(DEPDIR)/libcurlu_la-altsvc.Plo \
 	./$(DEPDIR)/libcurlu_la-amigaos.Plo \
@@ -601,7 +600,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurlu_la-base64.Plo \
 	./$(DEPDIR)/libcurlu_la-bufref.Plo \
 	./$(DEPDIR)/libcurlu_la-c-hyper.Plo \
-	./$(DEPDIR)/libcurlu_la-cf-http.Plo \
+	./$(DEPDIR)/libcurlu_la-cf-https-connect.Plo \
 	./$(DEPDIR)/libcurlu_la-cf-socket.Plo \
 	./$(DEPDIR)/libcurlu_la-cfilters.Plo \
 	./$(DEPDIR)/libcurlu_la-conncache.Plo \
@@ -717,7 +716,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurlu_la-version.Plo \
 	./$(DEPDIR)/libcurlu_la-version_win32.Plo \
 	./$(DEPDIR)/libcurlu_la-warnless.Plo \
-	./$(DEPDIR)/libcurlu_la-wildcard.Plo \
 	./$(DEPDIR)/libcurlu_la-ws.Plo \
 	vauth/$(DEPDIR)/libcurl_la-cleartext.Plo \
 	vauth/$(DEPDIR)/libcurl_la-cram.Plo \
@@ -1205,7 +1203,7 @@ LIB_CFILES = \
   base64.c           \
   bufref.c           \
   c-hyper.c          \
-  cf-http.c          \
+  cf-https-connect.c \
   cf-socket.c        \
   cfilters.c         \
   conncache.c        \
@@ -1321,7 +1319,6 @@ LIB_CFILES = \
   version.c          \
   version_win32.c    \
   warnless.c         \
-  wildcard.c         \
   ws.c
 
 LIB_HFILES = \
@@ -1331,7 +1328,7 @@ LIB_HFILES = \
   asyn.h             \
   bufref.h           \
   c-hyper.h          \
-  cf-http.h          \
+  cf-https-connect.h \
   cf-socket.h        \
   cfilters.h         \
   conncache.h        \
@@ -1450,7 +1447,6 @@ LIB_HFILES = \
   urldata.h          \
   version_win32.h    \
   warnless.h         \
-  wildcard.h         \
   ws.h
 
 LIB_RCFILES = libcurl.rc
@@ -1778,7 +1774,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-base64.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-bufref.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-c-hyper.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-cf-http.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-cf-https-connect.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-cf-socket.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-cfilters.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-conncache.Plo@am__quote@ # am--include-marker
@@ -1894,7 +1890,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-version.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-version_win32.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-warnless.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-wildcard.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-ws.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-altsvc.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-amigaos.Plo@am__quote@ # am--include-marker
@@ -1903,7 +1898,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-base64.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-bufref.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-c-hyper.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-cf-http.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-cf-https-connect.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-cf-socket.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-cfilters.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-conncache.Plo@am__quote@ # am--include-marker
@@ -2019,7 +2014,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-version.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-version_win32.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-warnless.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-wildcard.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-ws.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-cleartext.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-cram.Plo@am__quote@ # am--include-marker
@@ -2173,12 +2167,12 @@ libcurl_la-c-hyper.lo: c-hyper.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-c-hyper.lo `test -f 'c-hyper.c' || echo '$(srcdir)/'`c-hyper.c
 
-libcurl_la-cf-http.lo: cf-http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-cf-http.lo -MD -MP -MF $(DEPDIR)/libcurl_la-cf-http.Tpo -c -o libcurl_la-cf-http.lo `test -f 'cf-http.c' || echo '$(srcdir)/'`cf-http.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-cf-http.Tpo $(DEPDIR)/libcurl_la-cf-http.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cf-http.c' object='libcurl_la-cf-http.lo' libtool=yes @AMDEPBACKSLASH@
+libcurl_la-cf-https-connect.lo: cf-https-connect.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-cf-https-connect.lo -MD -MP -MF $(DEPDIR)/libcurl_la-cf-https-connect.Tpo -c -o libcurl_la-cf-https-connect.lo `test -f 'cf-https-connect.c' || echo '$(srcdir)/'`cf-https-connect.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-cf-https-connect.Tpo $(DEPDIR)/libcurl_la-cf-https-connect.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cf-https-connect.c' object='libcurl_la-cf-https-connect.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-cf-http.lo `test -f 'cf-http.c' || echo '$(srcdir)/'`cf-http.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-cf-https-connect.lo `test -f 'cf-https-connect.c' || echo '$(srcdir)/'`cf-https-connect.c
 
 libcurl_la-cf-socket.lo: cf-socket.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-cf-socket.lo -MD -MP -MF $(DEPDIR)/libcurl_la-cf-socket.Tpo -c -o libcurl_la-cf-socket.lo `test -f 'cf-socket.c' || echo '$(srcdir)/'`cf-socket.c
@@ -2985,13 +2979,6 @@ libcurl_la-warnless.lo: warnless.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-warnless.lo `test -f 'warnless.c' || echo '$(srcdir)/'`warnless.c
 
-libcurl_la-wildcard.lo: wildcard.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-wildcard.lo -MD -MP -MF $(DEPDIR)/libcurl_la-wildcard.Tpo -c -o libcurl_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-wildcard.Tpo $(DEPDIR)/libcurl_la-wildcard.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='wildcard.c' object='libcurl_la-wildcard.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
-
 libcurl_la-ws.lo: ws.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-ws.lo -MD -MP -MF $(DEPDIR)/libcurl_la-ws.Tpo -c -o libcurl_la-ws.lo `test -f 'ws.c' || echo '$(srcdir)/'`ws.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-ws.Tpo $(DEPDIR)/libcurl_la-ws.Plo
@@ -3300,12 +3287,12 @@ libcurlu_la-c-hyper.lo: c-hyper.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-c-hyper.lo `test -f 'c-hyper.c' || echo '$(srcdir)/'`c-hyper.c
 
-libcurlu_la-cf-http.lo: cf-http.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-cf-http.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-cf-http.Tpo -c -o libcurlu_la-cf-http.lo `test -f 'cf-http.c' || echo '$(srcdir)/'`cf-http.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-cf-http.Tpo $(DEPDIR)/libcurlu_la-cf-http.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cf-http.c' object='libcurlu_la-cf-http.lo' libtool=yes @AMDEPBACKSLASH@
+libcurlu_la-cf-https-connect.lo: cf-https-connect.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-cf-https-connect.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-cf-https-connect.Tpo -c -o libcurlu_la-cf-https-connect.lo `test -f 'cf-https-connect.c' || echo '$(srcdir)/'`cf-https-connect.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-cf-https-connect.Tpo $(DEPDIR)/libcurlu_la-cf-https-connect.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cf-https-connect.c' object='libcurlu_la-cf-https-connect.lo' libtool=yes @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-cf-http.lo `test -f 'cf-http.c' || echo '$(srcdir)/'`cf-http.c
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-cf-https-connect.lo `test -f 'cf-https-connect.c' || echo '$(srcdir)/'`cf-https-connect.c
 
 libcurlu_la-cf-socket.lo: cf-socket.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-cf-socket.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-cf-socket.Tpo -c -o libcurlu_la-cf-socket.lo `test -f 'cf-socket.c' || echo '$(srcdir)/'`cf-socket.c
@@ -4112,13 +4099,6 @@ libcurlu_la-warnless.lo: warnless.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-warnless.lo `test -f 'warnless.c' || echo '$(srcdir)/'`warnless.c
 
-libcurlu_la-wildcard.lo: wildcard.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-wildcard.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-wildcard.Tpo -c -o libcurlu_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-wildcard.Tpo $(DEPDIR)/libcurlu_la-wildcard.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='wildcard.c' object='libcurlu_la-wildcard.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
-
 libcurlu_la-ws.lo: ws.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-ws.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-ws.Tpo -c -o libcurlu_la-ws.lo `test -f 'ws.c' || echo '$(srcdir)/'`ws.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-ws.Tpo $(DEPDIR)/libcurlu_la-ws.Plo
@@ -4531,7 +4511,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-base64.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-bufref.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-c-hyper.Plo
-	-rm -f ./$(DEPDIR)/libcurl_la-cf-http.Plo
+	-rm -f ./$(DEPDIR)/libcurl_la-cf-https-connect.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-cf-socket.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-cfilters.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-conncache.Plo
@@ -4647,7 +4627,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-version.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-version_win32.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-warnless.Plo
-	-rm -f ./$(DEPDIR)/libcurl_la-wildcard.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-ws.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-altsvc.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-amigaos.Plo
@@ -4656,7 +4635,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-base64.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-bufref.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-c-hyper.Plo
-	-rm -f ./$(DEPDIR)/libcurlu_la-cf-http.Plo
+	-rm -f ./$(DEPDIR)/libcurlu_la-cf-https-connect.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-cf-socket.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-cfilters.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-conncache.Plo
@@ -4772,7 +4751,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-version.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-version_win32.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-warnless.Plo
-	-rm -f ./$(DEPDIR)/libcurlu_la-wildcard.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-ws.Plo
 	-rm -f vauth/$(DEPDIR)/libcurl_la-cleartext.Plo
 	-rm -f vauth/$(DEPDIR)/libcurl_la-cram.Plo
@@ -4898,7 +4876,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-base64.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-bufref.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-c-hyper.Plo
-	-rm -f ./$(DEPDIR)/libcurl_la-cf-http.Plo
+	-rm -f ./$(DEPDIR)/libcurl_la-cf-https-connect.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-cf-socket.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-cfilters.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-conncache.Plo
@@ -5014,7 +4992,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-version.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-version_win32.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-warnless.Plo
-	-rm -f ./$(DEPDIR)/libcurl_la-wildcard.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-ws.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-altsvc.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-amigaos.Plo
@@ -5023,7 +5000,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-base64.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-bufref.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-c-hyper.Plo
-	-rm -f ./$(DEPDIR)/libcurlu_la-cf-http.Plo
+	-rm -f ./$(DEPDIR)/libcurlu_la-cf-https-connect.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-cf-socket.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-cfilters.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-conncache.Plo
@@ -5139,7 +5116,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-version.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-version_win32.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-warnless.Plo
-	-rm -f ./$(DEPDIR)/libcurlu_la-wildcard.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-ws.Plo
 	-rm -f vauth/$(DEPDIR)/libcurl_la-cleartext.Plo
 	-rm -f vauth/$(DEPDIR)/libcurl_la-cram.Plo
diff --git a/libs/libcurl/src/Makefile.inc b/libs/libcurl/src/Makefile.inc
index bd4aef267b..1a24ff461d 100644
--- a/libs/libcurl/src/Makefile.inc
+++ b/libs/libcurl/src/Makefile.inc
@@ -107,7 +107,7 @@ LIB_CFILES =         \
   base64.c           \
   bufref.c           \
   c-hyper.c          \
-  cf-http.c          \
+  cf-https-connect.c \
   cf-socket.c        \
   cfilters.c         \
   conncache.c        \
@@ -223,7 +223,6 @@ LIB_CFILES =         \
   version.c          \
   version_win32.c    \
   warnless.c         \
-  wildcard.c         \
   ws.c
 
 LIB_HFILES =         \
@@ -233,7 +232,7 @@ LIB_HFILES =         \
   asyn.h             \
   bufref.h           \
   c-hyper.h          \
-  cf-http.h          \
+  cf-https-connect.h \
   cf-socket.h        \
   cfilters.h         \
   conncache.h        \
@@ -352,7 +351,6 @@ LIB_HFILES =         \
   urldata.h          \
   version_win32.h    \
   warnless.h         \
-  wildcard.h         \
   ws.h
 
 LIB_RCFILES = libcurl.rc
diff --git a/libs/libcurl/src/cf-http.c b/libs/libcurl/src/cf-http.c
deleted file mode 100644
index 95eab7c0be..0000000000
--- a/libs/libcurl/src/cf-http.c
+++ /dev/null
@@ -1,518 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
-
-#include "urldata.h"
-#include <curl/curl.h>
-#include "curl_log.h"
-#include "cfilters.h"
-#include "connect.h"
-#include "multiif.h"
-#include "cf-http.h"
-#include "http2.h"
-#include "vquic/vquic.h"
-
-/* The last 3 #include files should be in this order */
-#include "curl_printf.h"
-#include "curl_memory.h"
-#include "memdebug.h"
-
-
-typedef enum {
-  CF_HC_INIT,
-  CF_HC_CONNECT,
-  CF_HC_SUCCESS,
-  CF_HC_FAILURE
-} cf_hc_state;
-
-struct cf_hc_baller {
-  const char *name;
-  struct Curl_cfilter *cf;
-  CURLcode result;
-  struct curltime started;
-  int reply_ms;
-  bool enabled;
-};
-
-static void cf_hc_baller_reset(struct cf_hc_baller *b,
-                               struct Curl_easy *data)
-{
-  if(b->cf) {
-    Curl_conn_cf_close(b->cf, data);
-    Curl_conn_cf_discard_chain(&b->cf, data);
-    b->cf = NULL;
-  }
-  b->result = CURLE_OK;
-  b->reply_ms = -1;
-}
-
-static bool cf_hc_baller_is_active(struct cf_hc_baller *b)
-{
-  return b->enabled && b->cf && !b->result;
-}
-
-static bool cf_hc_baller_has_started(struct cf_hc_baller *b)
-{
-  return !!b->cf;
-}
-
-static int cf_hc_baller_reply_ms(struct cf_hc_baller *b,
-                                 struct Curl_easy *data)
-{
-  if(b->reply_ms < 0)
-    b->cf->cft->query(b->cf, data, CF_QUERY_CONNECT_REPLY_MS,
-                      &b->reply_ms, NULL);
-  return b->reply_ms;
-}
-
-static bool cf_hc_baller_data_pending(struct cf_hc_baller *b,
-                                      const struct Curl_easy *data)
-{
-  return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data);
-}
-
-struct cf_hc_ctx {
-  cf_hc_state state;
-  const struct Curl_dns_entry *remotehost;
-  struct curltime started;  /* when connect started */
-  CURLcode result;          /* overall result */
-  struct cf_hc_baller h3_baller;
-  struct cf_hc_baller h21_baller;
-  int soft_eyeballs_timeout_ms;
-  int hard_eyeballs_timeout_ms;
-};
-
-static void cf_hc_baller_init(struct cf_hc_baller *b,
-                              struct Curl_cfilter *cf,
-                              struct Curl_easy *data,
-                              const char *name,
-                              int transport)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-  struct Curl_cfilter *save = cf->next;
-
-  b->name = name;
-  cf->next = NULL;
-  b->started = Curl_now();
-  b->result = Curl_cf_setup_insert_after(cf, data, ctx->remotehost,
-                                         transport, CURL_CF_SSL_ENABLE);
-  b->cf = cf->next;
-  cf->next = save;
-}
-
-static CURLcode cf_hc_baller_connect(struct cf_hc_baller *b,
-                                     struct Curl_cfilter *cf,
-                                     struct Curl_easy *data,
-                                     bool *done)
-{
-  struct Curl_cfilter *save = cf->next;
-
-  cf->next = b->cf;
-  b->result = Curl_conn_cf_connect(cf->next, data, FALSE, done);
-  b->cf = cf->next; /* it might mutate */
-  cf->next = save;
-  return b->result;
-}
-
-static void cf_hc_reset(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-
-  if(ctx) {
-    cf_hc_baller_reset(&ctx->h3_baller, data);
-    cf_hc_baller_reset(&ctx->h21_baller, data);
-    ctx->state = CF_HC_INIT;
-    ctx->result = CURLE_OK;
-    ctx->hard_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout;
-    ctx->soft_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout / 2;
-  }
-}
-
-static CURLcode baller_connected(struct Curl_cfilter *cf,
-                                 struct Curl_easy *data,
-                                 struct cf_hc_baller *winner)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-  CURLcode result = CURLE_OK;
-
-  DEBUGASSERT(winner->cf);
-  if(winner != &ctx->h3_baller)
-    cf_hc_baller_reset(&ctx->h3_baller, data);
-  if(winner != &ctx->h21_baller)
-    cf_hc_baller_reset(&ctx->h21_baller, data);
-
-  DEBUGF(LOG_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms",
-                winner->name, (int)Curl_timediff(Curl_now(), winner->started),
-                cf_hc_baller_reply_ms(winner, data)));
-  cf->next = winner->cf;
-  winner->cf = NULL;
-
-  switch(cf->conn->alpn) {
-  case CURL_HTTP_VERSION_3:
-    infof(data, "using HTTP/3");
-    break;
-  case CURL_HTTP_VERSION_2:
-#ifdef USE_NGHTTP2
-    /* Using nghttp2, we add the filter "below" us, so when the conn
-     * closes, we tear it down for a fresh reconnect */
-    result = Curl_http2_switch_at(cf, data);
-    if(result) {
-      ctx->state = CF_HC_FAILURE;
-      ctx->result = result;
-      return result;
-    }
-#endif
-    infof(data, "using HTTP/2");
-    break;
-  case CURL_HTTP_VERSION_1_1:
-    infof(data, "using HTTP/1.1");
-    break;
-  default:
-    infof(data, "using HTTP/1.x");
-    break;
-  }
-  ctx->state = CF_HC_SUCCESS;
-  cf->connected = TRUE;
-  Curl_conn_cf_cntrl(cf->next, data, TRUE,
-                     CF_CTRL_CONN_INFO_UPDATE, 0, NULL);
-  return result;
-}
-
-
-static bool time_to_start_h21(struct Curl_cfilter *cf,
-                              struct Curl_easy *data,
-                              struct curltime now)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-  timediff_t elapsed_ms;
-
-  if(!ctx->h21_baller.enabled || cf_hc_baller_has_started(&ctx->h21_baller))
-    return FALSE;
-
-  if(!ctx->h3_baller.enabled || !cf_hc_baller_is_active(&ctx->h3_baller))
-    return TRUE;
-
-  elapsed_ms = Curl_timediff(now, ctx->started);
-  if(elapsed_ms >= ctx->hard_eyeballs_timeout_ms) {
-    DEBUGF(LOG_CF(data, cf, "hard timeout of %dms reached, starting h21",
-                  ctx->hard_eyeballs_timeout_ms));
-    return TRUE;
-  }
-
-  if(elapsed_ms >= ctx->soft_eyeballs_timeout_ms) {
-    if(cf_hc_baller_reply_ms(&ctx->h3_baller, data) < 0) {
-      DEBUGF(LOG_CF(data, cf, "soft timeout of %dms reached, h3 has not "
-                    "seen any data, starting h21",
-                    ctx->soft_eyeballs_timeout_ms));
-      return TRUE;
-    }
-    /* set the effective hard timeout again */
-    Curl_expire(data, ctx->hard_eyeballs_timeout_ms - elapsed_ms,
-                EXPIRE_ALPN_EYEBALLS);
-  }
-  return FALSE;
-}
-
-static CURLcode cf_hc_connect(struct Curl_cfilter *cf,
-                              struct Curl_easy *data,
-                              bool blocking, bool *done)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-  struct curltime now;
-  CURLcode result = CURLE_OK;
-
-  (void)blocking;
-  if(cf->connected) {
-    *done = TRUE;
-    return CURLE_OK;
-  }
-
-  *done = FALSE;
-  now = Curl_now();
-  switch(ctx->state) {
-  case CF_HC_INIT:
-    DEBUGASSERT(!ctx->h3_baller.cf);
-    DEBUGASSERT(!ctx->h21_baller.cf);
-    DEBUGASSERT(!cf->next);
-    DEBUGF(LOG_CF(data, cf, "connect, init"));
-    ctx->started = now;
-    if(ctx->h3_baller.enabled) {
-      cf_hc_baller_init(&ctx->h3_baller, cf, data, "h3", TRNSPRT_QUIC);
-      if(ctx->h21_baller.enabled)
-        Curl_expire(data, ctx->soft_eyeballs_timeout_ms, EXPIRE_ALPN_EYEBALLS);
-    }
-    else if(ctx->h21_baller.enabled)
-      cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21", TRNSPRT_TCP);
-    ctx->state = CF_HC_CONNECT;
-    /* FALLTHROUGH */
-
-  case CF_HC_CONNECT:
-    if(cf_hc_baller_is_active(&ctx->h3_baller)) {
-      result = cf_hc_baller_connect(&ctx->h3_baller, cf, data, done);
-      if(!result && *done) {
-        result = baller_connected(cf, data, &ctx->h3_baller);
-        goto out;
-      }
-    }
-
-    if(time_to_start_h21(cf, data, now)) {
-      cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21", TRNSPRT_TCP);
-    }
-
-    if(cf_hc_baller_is_active(&ctx->h21_baller)) {
-      DEBUGF(LOG_CF(data, cf, "connect, check h21"));
-      result = cf_hc_baller_connect(&ctx->h21_baller, cf, data, done);
-      if(!result && *done) {
-        result = baller_connected(cf, data, &ctx->h21_baller);
-        goto out;
-      }
-    }
-
-    if((!ctx->h3_baller.enabled || ctx->h3_baller.result) &&
-       (!ctx->h21_baller.enabled || ctx->h21_baller.result)) {
-      /* both failed or disabled. we give up */
-      DEBUGF(LOG_CF(data, cf, "connect, all failed"));
-      result = ctx->result = ctx->h3_baller.enabled?
-                              ctx->h3_baller.result : ctx->h21_baller.result;
-      ctx->state = CF_HC_FAILURE;
-      goto out;
-    }
-    result = CURLE_OK;
-    *done = FALSE;
-    break;
-
-  case CF_HC_FAILURE:
-    result = ctx->result;
-    cf->connected = FALSE;
-    *done = FALSE;
-    break;
-
-  case CF_HC_SUCCESS:
-    result = CURLE_OK;
-    cf->connected = TRUE;
-    *done = TRUE;
-    break;
-  }
-
-out:
-  DEBUGF(LOG_CF(data, cf, "connect -> %d, done=%d", result, *done));
-  return result;
-}
-
-static int cf_hc_get_select_socks(struct Curl_cfilter *cf,
-                                  struct Curl_easy *data,
-                                  curl_socket_t *socks)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-  size_t i, j, s;
-  int brc, rc = GETSOCK_BLANK;
-  curl_socket_t bsocks[MAX_SOCKSPEREASYHANDLE];
-  struct cf_hc_baller *ballers[2];
-
-  if(cf->connected)
-    return cf->next->cft->get_select_socks(cf->next, data, socks);
-
-  ballers[0] = &ctx->h3_baller;
-  ballers[1] = &ctx->h21_baller;
-  for(i = s = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) {
-    struct cf_hc_baller *b = ballers[i];
-    if(!cf_hc_baller_is_active(b))
-      continue;
-    brc = Curl_conn_cf_get_select_socks(b->cf, data, bsocks);
-    DEBUGF(LOG_CF(data, cf, "get_selected_socks(%s) -> %x", b->name, brc));
-    if(!brc)
-      continue;
-    for(j = 0; j < MAX_SOCKSPEREASYHANDLE && s < MAX_SOCKSPEREASYHANDLE; ++j) {
-      if((brc & GETSOCK_WRITESOCK(j)) || (brc & GETSOCK_READSOCK(j))) {
-        socks[s] = bsocks[j];
-        if(brc & GETSOCK_WRITESOCK(j))
-          rc |= GETSOCK_WRITESOCK(s);
-        if(brc & GETSOCK_READSOCK(j))
-          rc |= GETSOCK_READSOCK(s);
-        s++;
-      }
-    }
-  }
-  DEBUGF(LOG_CF(data, cf, "get_selected_socks -> %x", rc));
-  return rc;
-}
-
-static bool cf_hc_data_pending(struct Curl_cfilter *cf,
-                               const struct Curl_easy *data)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-
-  if(cf->connected)
-    return cf->next->cft->has_data_pending(cf->next, data);
-
-  DEBUGF(LOG_CF((struct Curl_easy *)data, cf, "data_pending"));
-  return cf_hc_baller_data_pending(&ctx->h3_baller, data)
-         || cf_hc_baller_data_pending(&ctx->h21_baller, data);
-}
-
-static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  DEBUGF(LOG_CF(data, cf, "close"));
-  cf_hc_reset(cf, data);
-  cf->connected = FALSE;
-
-  if(cf->next) {
-    cf->next->cft->close(cf->next, data);
-    Curl_conn_cf_discard_chain(&cf->next, data);
-  }
-}
-
-static void cf_hc_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  struct cf_hc_ctx *ctx = cf->ctx;
-
-  (void)data;
-  DEBUGF(LOG_CF(data, cf, "destroy"));
-  cf_hc_reset(cf, data);
-  Curl_safefree(ctx);
-}
-
-struct Curl_cftype Curl_cft_http_connect = {
-  "HTTPS-CONNECT",
-  0,
-  CURL_LOG_DEFAULT,
-  cf_hc_destroy,
-  cf_hc_connect,
-  cf_hc_close,
-  Curl_cf_def_get_host,
-  cf_hc_get_select_socks,
-  cf_hc_data_pending,
-  Curl_cf_def_send,
-  Curl_cf_def_recv,
-  Curl_cf_def_cntrl,
-  Curl_cf_def_conn_is_alive,
-  Curl_cf_def_conn_keep_alive,
-  Curl_cf_def_query,
-};
-
-static CURLcode cf_hc_create(struct Curl_cfilter **pcf,
-                             struct Curl_easy *data,
-                             const struct Curl_dns_entry *remotehost,
-                             bool try_h3, bool try_h21)
-{
-  struct Curl_cfilter *cf = NULL;
-  struct cf_hc_ctx *ctx;
-  CURLcode result = CURLE_OK;
-
-  (void)data;
-  ctx = calloc(sizeof(*ctx), 1);
-  if(!ctx) {
-    result = CURLE_OUT_OF_MEMORY;
-    goto out;
-  }
-  ctx->remotehost = remotehost;
-  ctx->h3_baller.enabled = try_h3;
-  ctx->h21_baller.enabled = try_h21;
-
-  result = Curl_cf_create(&cf, &Curl_cft_http_connect, ctx);
-  if(result)
-    goto out;
-  ctx = NULL;
-  cf_hc_reset(cf, data);
-
-out:
-  *pcf = result? NULL : cf;
-  free(ctx);
-  return result;
-}
-
-CURLcode Curl_cf_http_connect_add(struct Curl_easy *data,
-                                  struct connectdata *conn,
-                                  int sockindex,
-                                  const struct Curl_dns_entry *remotehost,
-                                  bool try_h3, bool try_h21)
-{
-  struct Curl_cfilter *cf;
-  CURLcode result = CURLE_OK;
-
-  DEBUGASSERT(data);
-  result = cf_hc_create(&cf, data, remotehost, try_h3, try_h21);
-  if(result)
-    goto out;
-  Curl_conn_cf_add(data, conn, sockindex, cf);
-out:
-  return result;
-}
-
-CURLcode
-Curl_cf_http_connect_insert_after(struct Curl_cfilter *cf_at,
-                                  struct Curl_easy *data,
-                                  const struct Curl_dns_entry *remotehost,
-                                  bool try_h3, bool try_h21)
-{
-  struct Curl_cfilter *cf;
-  CURLcode result;
-
-  DEBUGASSERT(data);
-  result = cf_hc_create(&cf, data, remotehost, try_h3, try_h21);
-  if(result)
-    goto out;
-  Curl_conn_cf_insert_after(cf_at, cf);
-out:
-  return result;
-}
-
-CURLcode Curl_cf_https_setup(struct Curl_easy *data,
-                             struct connectdata *conn,
-                             int sockindex,
-                             const struct Curl_dns_entry *remotehost)
-{
-  bool try_h3 = FALSE, try_h21 = TRUE; /* defaults, for now */
-  CURLcode result = CURLE_OK;
-
-  (void)sockindex;
-  (void)remotehost;
-
-  if(!conn->bits.tls_enable_alpn)
-    goto out;
-
-  if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) {
-    result = Curl_conn_may_http3(data, conn);
-    if(result) /* can't do it */
-      goto out;
-    try_h3 = TRUE;
-    try_h21 = FALSE;
-  }
-  else if(data->state.httpwant >= CURL_HTTP_VERSION_3) {
-    /* We assume that silently not even trying H3 is ok here */
-    /* TODO: should we fail instead? */
-    try_h3 = (Curl_conn_may_http3(data, conn) == CURLE_OK);
-    try_h21 = TRUE;
-  }
-
-  result = Curl_cf_http_connect_add(data, conn, sockindex, remotehost,
-                                    try_h3, try_h21);
-out:
-  return result;
-}
-
-#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
diff --git a/libs/libcurl/src/cf-http.h b/libs/libcurl/src/cf-http.h
deleted file mode 100644
index 3ca1468ea9..0000000000
--- a/libs/libcurl/src/cf-http.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef HEADER_CURL_CF_HTTP_H
-#define HEADER_CURL_CF_HTTP_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
-
-struct Curl_cfilter;
-struct Curl_easy;
-struct connectdata;
-struct Curl_cftype;
-struct Curl_dns_entry;
-
-extern struct Curl_cftype Curl_cft_http_connect;
-
-CURLcode Curl_cf_http_connect_add(struct Curl_easy *data,
-                                  struct connectdata *conn,
-                                  int sockindex,
-                                  const struct Curl_dns_entry *remotehost,
-                                  bool try_h3, bool try_h21);
-
-CURLcode
-Curl_cf_http_connect_insert_after(struct Curl_cfilter *cf_at,
-                                  struct Curl_easy *data,
-                                  const struct Curl_dns_entry *remotehost,
-                                  bool try_h3, bool try_h21);
-
-
-CURLcode Curl_cf_https_setup(struct Curl_easy *data,
-                             struct connectdata *conn,
-                             int sockindex,
-                             const struct Curl_dns_entry *remotehost);
-
-
-#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
-#endif /* HEADER_CURL_CF_HTTP_H */
diff --git a/libs/libcurl/src/cf-https-connect.c b/libs/libcurl/src/cf-https-connect.c
new file mode 100644
index 0000000000..ba5c00e965
--- /dev/null
+++ b/libs/libcurl/src/cf-https-connect.c
@@ -0,0 +1,569 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "curl_log.h"
+#include "cfilters.h"
+#include "connect.h"
+#include "multiif.h"
+#include "cf-https-connect.h"
+#include "http2.h"
+#include "vquic/vquic.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+typedef enum {
+  CF_HC_INIT,
+  CF_HC_CONNECT,
+  CF_HC_SUCCESS,
+  CF_HC_FAILURE
+} cf_hc_state;
+
+struct cf_hc_baller {
+  const char *name;
+  struct Curl_cfilter *cf;
+  CURLcode result;
+  struct curltime started;
+  int reply_ms;
+  bool enabled;
+};
+
+static void cf_hc_baller_reset(struct cf_hc_baller *b,
+                               struct Curl_easy *data)
+{
+  if(b->cf) {
+    Curl_conn_cf_close(b->cf, data);
+    Curl_conn_cf_discard_chain(&b->cf, data);
+    b->cf = NULL;
+  }
+  b->result = CURLE_OK;
+  b->reply_ms = -1;
+}
+
+static bool cf_hc_baller_is_active(struct cf_hc_baller *b)
+{
+  return b->enabled && b->cf && !b->result;
+}
+
+static bool cf_hc_baller_has_started(struct cf_hc_baller *b)
+{
+  return !!b->cf;
+}
+
+static int cf_hc_baller_reply_ms(struct cf_hc_baller *b,
+                                 struct Curl_easy *data)
+{
+  if(b->reply_ms < 0)
+    b->cf->cft->query(b->cf, data, CF_QUERY_CONNECT_REPLY_MS,
+                      &b->reply_ms, NULL);
+  return b->reply_ms;
+}
+
+static bool cf_hc_baller_data_pending(struct cf_hc_baller *b,
+                                      const struct Curl_easy *data)
+{
+  return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data);
+}
+
+struct cf_hc_ctx {
+  cf_hc_state state;
+  const struct Curl_dns_entry *remotehost;
+  struct curltime started;  /* when connect started */
+  CURLcode result;          /* overall result */
+  struct cf_hc_baller h3_baller;
+  struct cf_hc_baller h21_baller;
+  int soft_eyeballs_timeout_ms;
+  int hard_eyeballs_timeout_ms;
+};
+
+static void cf_hc_baller_init(struct cf_hc_baller *b,
+                              struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              const char *name,
+                              int transport)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  struct Curl_cfilter *save = cf->next;
+
+  b->name = name;
+  cf->next = NULL;
+  b->started = Curl_now();
+  b->result = Curl_cf_setup_insert_after(cf, data, ctx->remotehost,
+                                         transport, CURL_CF_SSL_ENABLE);
+  b->cf = cf->next;
+  cf->next = save;
+}
+
+static CURLcode cf_hc_baller_connect(struct cf_hc_baller *b,
+                                     struct Curl_cfilter *cf,
+                                     struct Curl_easy *data,
+                                     bool *done)
+{
+  struct Curl_cfilter *save = cf->next;
+
+  cf->next = b->cf;
+  b->result = Curl_conn_cf_connect(cf->next, data, FALSE, done);
+  b->cf = cf->next; /* it might mutate */
+  cf->next = save;
+  return b->result;
+}
+
+static void cf_hc_reset(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+
+  if(ctx) {
+    cf_hc_baller_reset(&ctx->h3_baller, data);
+    cf_hc_baller_reset(&ctx->h21_baller, data);
+    ctx->state = CF_HC_INIT;
+    ctx->result = CURLE_OK;
+    ctx->hard_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout;
+    ctx->soft_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout / 2;
+  }
+}
+
+static CURLcode baller_connected(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data,
+                                 struct cf_hc_baller *winner)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+
+  DEBUGASSERT(winner->cf);
+  if(winner != &ctx->h3_baller)
+    cf_hc_baller_reset(&ctx->h3_baller, data);
+  if(winner != &ctx->h21_baller)
+    cf_hc_baller_reset(&ctx->h21_baller, data);
+
+  DEBUGF(LOG_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms",
+                winner->name, (int)Curl_timediff(Curl_now(), winner->started),
+                cf_hc_baller_reply_ms(winner, data)));
+  cf->next = winner->cf;
+  winner->cf = NULL;
+
+  switch(cf->conn->alpn) {
+  case CURL_HTTP_VERSION_3:
+    infof(data, "using HTTP/3");
+    break;
+  case CURL_HTTP_VERSION_2:
+#ifdef USE_NGHTTP2
+    /* Using nghttp2, we add the filter "below" us, so when the conn
+     * closes, we tear it down for a fresh reconnect */
+    result = Curl_http2_switch_at(cf, data);
+    if(result) {
+      ctx->state = CF_HC_FAILURE;
+      ctx->result = result;
+      return result;
+    }
+#endif
+    infof(data, "using HTTP/2");
+    break;
+  case CURL_HTTP_VERSION_1_1:
+    infof(data, "using HTTP/1.1");
+    break;
+  default:
+    infof(data, "using HTTP/1.x");
+    break;
+  }
+  ctx->state = CF_HC_SUCCESS;
+  cf->connected = TRUE;
+  Curl_conn_cf_cntrl(cf->next, data, TRUE,
+                     CF_CTRL_CONN_INFO_UPDATE, 0, NULL);
+  return result;
+}
+
+
+static bool time_to_start_h21(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              struct curltime now)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  timediff_t elapsed_ms;
+
+  if(!ctx->h21_baller.enabled || cf_hc_baller_has_started(&ctx->h21_baller))
+    return FALSE;
+
+  if(!ctx->h3_baller.enabled || !cf_hc_baller_is_active(&ctx->h3_baller))
+    return TRUE;
+
+  elapsed_ms = Curl_timediff(now, ctx->started);
+  if(elapsed_ms >= ctx->hard_eyeballs_timeout_ms) {
+    DEBUGF(LOG_CF(data, cf, "hard timeout of %dms reached, starting h21",
+                  ctx->hard_eyeballs_timeout_ms));
+    return TRUE;
+  }
+
+  if(elapsed_ms >= ctx->soft_eyeballs_timeout_ms) {
+    if(cf_hc_baller_reply_ms(&ctx->h3_baller, data) < 0) {
+      DEBUGF(LOG_CF(data, cf, "soft timeout of %dms reached, h3 has not "
+                    "seen any data, starting h21",
+                    ctx->soft_eyeballs_timeout_ms));
+      return TRUE;
+    }
+    /* set the effective hard timeout again */
+    Curl_expire(data, ctx->hard_eyeballs_timeout_ms - elapsed_ms,
+                EXPIRE_ALPN_EYEBALLS);
+  }
+  return FALSE;
+}
+
+static CURLcode cf_hc_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              bool blocking, bool *done)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  struct curltime now;
+  CURLcode result = CURLE_OK;
+
+  (void)blocking;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  *done = FALSE;
+  now = Curl_now();
+  switch(ctx->state) {
+  case CF_HC_INIT:
+    DEBUGASSERT(!ctx->h3_baller.cf);
+    DEBUGASSERT(!ctx->h21_baller.cf);
+    DEBUGASSERT(!cf->next);
+    DEBUGF(LOG_CF(data, cf, "connect, init"));
+    ctx->started = now;
+    if(ctx->h3_baller.enabled) {
+      cf_hc_baller_init(&ctx->h3_baller, cf, data, "h3", TRNSPRT_QUIC);
+      if(ctx->h21_baller.enabled)
+        Curl_expire(data, ctx->soft_eyeballs_timeout_ms, EXPIRE_ALPN_EYEBALLS);
+    }
+    else if(ctx->h21_baller.enabled)
+      cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21",
+                       cf->conn->transport);
+    ctx->state = CF_HC_CONNECT;
+    /* FALLTHROUGH */
+
+  case CF_HC_CONNECT:
+    if(cf_hc_baller_is_active(&ctx->h3_baller)) {
+      result = cf_hc_baller_connect(&ctx->h3_baller, cf, data, done);
+      if(!result && *done) {
+        result = baller_connected(cf, data, &ctx->h3_baller);
+        goto out;
+      }
+    }
+
+    if(time_to_start_h21(cf, data, now)) {
+      cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21",
+                        cf->conn->transport);
+    }
+
+    if(cf_hc_baller_is_active(&ctx->h21_baller)) {
+      DEBUGF(LOG_CF(data, cf, "connect, check h21"));
+      result = cf_hc_baller_connect(&ctx->h21_baller, cf, data, done);
+      if(!result && *done) {
+        result = baller_connected(cf, data, &ctx->h21_baller);
+        goto out;
+      }
+    }
+
+    if((!ctx->h3_baller.enabled || ctx->h3_baller.result) &&
+       (!ctx->h21_baller.enabled || ctx->h21_baller.result)) {
+      /* both failed or disabled. we give up */
+      DEBUGF(LOG_CF(data, cf, "connect, all failed"));
+      result = ctx->result = ctx->h3_baller.enabled?
+                              ctx->h3_baller.result : ctx->h21_baller.result;
+      ctx->state = CF_HC_FAILURE;
+      goto out;
+    }
+    result = CURLE_OK;
+    *done = FALSE;
+    break;
+
+  case CF_HC_FAILURE:
+    result = ctx->result;
+    cf->connected = FALSE;
+    *done = FALSE;
+    break;
+
+  case CF_HC_SUCCESS:
+    result = CURLE_OK;
+    cf->connected = TRUE;
+    *done = TRUE;
+    break;
+  }
+
+out:
+  DEBUGF(LOG_CF(data, cf, "connect -> %d, done=%d", result, *done));
+  return result;
+}
+
+static int cf_hc_get_select_socks(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  curl_socket_t *socks)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  size_t i, j, s;
+  int brc, rc = GETSOCK_BLANK;
+  curl_socket_t bsocks[MAX_SOCKSPEREASYHANDLE];
+  struct cf_hc_baller *ballers[2];
+
+  if(cf->connected)
+    return cf->next->cft->get_select_socks(cf->next, data, socks);
+
+  ballers[0] = &ctx->h3_baller;
+  ballers[1] = &ctx->h21_baller;
+  for(i = s = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) {
+    struct cf_hc_baller *b = ballers[i];
+    if(!cf_hc_baller_is_active(b))
+      continue;
+    brc = Curl_conn_cf_get_select_socks(b->cf, data, bsocks);
+    DEBUGF(LOG_CF(data, cf, "get_selected_socks(%s) -> %x", b->name, brc));
+    if(!brc)
+      continue;
+    for(j = 0; j < MAX_SOCKSPEREASYHANDLE && s < MAX_SOCKSPEREASYHANDLE; ++j) {
+      if((brc & GETSOCK_WRITESOCK(j)) || (brc & GETSOCK_READSOCK(j))) {
+        socks[s] = bsocks[j];
+        if(brc & GETSOCK_WRITESOCK(j))
+          rc |= GETSOCK_WRITESOCK(s);
+        if(brc & GETSOCK_READSOCK(j))
+          rc |= GETSOCK_READSOCK(s);
+        s++;
+      }
+    }
+  }
+  DEBUGF(LOG_CF(data, cf, "get_selected_socks -> %x", rc));
+  return rc;
+}
+
+static bool cf_hc_data_pending(struct Curl_cfilter *cf,
+                               const struct Curl_easy *data)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+
+  if(cf->connected)
+    return cf->next->cft->has_data_pending(cf->next, data);
+
+  DEBUGF(LOG_CF((struct Curl_easy *)data, cf, "data_pending"));
+  return cf_hc_baller_data_pending(&ctx->h3_baller, data)
+         || cf_hc_baller_data_pending(&ctx->h21_baller, data);
+}
+
+static struct curltime get_max_baller_time(struct Curl_cfilter *cf,
+                                          struct Curl_easy *data,
+                                          int query)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  struct Curl_cfilter *cfb;
+  struct curltime t, tmax;
+
+  memset(&tmax, 0, sizeof(tmax));
+  memset(&t, 0, sizeof(t));
+  cfb = ctx->h21_baller.enabled? ctx->h21_baller.cf : NULL;
+  if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) {
+    if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0)
+      tmax = t;
+  }
+  memset(&t, 0, sizeof(t));
+  cfb = ctx->h3_baller.enabled? ctx->h3_baller.cf : NULL;
+  if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) {
+    if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0)
+      tmax = t;
+  }
+  return tmax;
+}
+
+static CURLcode cf_hc_query(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            int query, int *pres1, void *pres2)
+{
+  if(!cf->connected) {
+    switch(query) {
+    case CF_QUERY_TIMER_CONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_CONNECT);
+      return CURLE_OK;
+    }
+    case CF_QUERY_TIMER_APPCONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT);
+      return CURLE_OK;
+    }
+    default:
+      break;
+    }
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  DEBUGF(LOG_CF(data, cf, "close"));
+  cf_hc_reset(cf, data);
+  cf->connected = FALSE;
+
+  if(cf->next) {
+    cf->next->cft->close(cf->next, data);
+    Curl_conn_cf_discard_chain(&cf->next, data);
+  }
+}
+
+static void cf_hc_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+
+  (void)data;
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  cf_hc_reset(cf, data);
+  Curl_safefree(ctx);
+}
+
+struct Curl_cftype Curl_cft_http_connect = {
+  "HTTPS-CONNECT",
+  0,
+  CURL_LOG_DEFAULT,
+  cf_hc_destroy,
+  cf_hc_connect,
+  cf_hc_close,
+  Curl_cf_def_get_host,
+  cf_hc_get_select_socks,
+  cf_hc_data_pending,
+  Curl_cf_def_send,
+  Curl_cf_def_recv,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_hc_query,
+};
+
+static CURLcode cf_hc_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             const struct Curl_dns_entry *remotehost,
+                             bool try_h3, bool try_h21)
+{
+  struct Curl_cfilter *cf = NULL;
+  struct cf_hc_ctx *ctx;
+  CURLcode result = CURLE_OK;
+
+  (void)data;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->remotehost = remotehost;
+  ctx->h3_baller.enabled = try_h3;
+  ctx->h21_baller.enabled = try_h21;
+
+  result = Curl_cf_create(&cf, &Curl_cft_http_connect, ctx);
+  if(result)
+    goto out;
+  ctx = NULL;
+  cf_hc_reset(cf, data);
+
+out:
+  *pcf = result? NULL : cf;
+  free(ctx);
+  return result;
+}
+
+CURLcode Curl_cf_http_connect_add(struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result = CURLE_OK;
+
+  DEBUGASSERT(data);
+  result = cf_hc_create(&cf, data, remotehost, try_h3, try_h21);
+  if(result)
+    goto out;
+  Curl_conn_cf_add(data, conn, sockindex, cf);
+out:
+  return result;
+}
+
+CURLcode
+Curl_cf_http_connect_insert_after(struct Curl_cfilter *cf_at,
+                                  struct Curl_easy *data,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  DEBUGASSERT(data);
+  result = cf_hc_create(&cf, data, remotehost, try_h3, try_h21);
+  if(result)
+    goto out;
+  Curl_conn_cf_insert_after(cf_at, cf);
+out:
+  return result;
+}
+
+CURLcode Curl_cf_https_setup(struct Curl_easy *data,
+                             struct connectdata *conn,
+                             int sockindex,
+                             const struct Curl_dns_entry *remotehost)
+{
+  bool try_h3 = FALSE, try_h21 = TRUE; /* defaults, for now */
+  CURLcode result = CURLE_OK;
+
+  (void)sockindex;
+  (void)remotehost;
+
+  if(!conn->bits.tls_enable_alpn)
+    goto out;
+
+  if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) {
+    result = Curl_conn_may_http3(data, conn);
+    if(result) /* can't do it */
+      goto out;
+    try_h3 = TRUE;
+    try_h21 = FALSE;
+  }
+  else if(data->state.httpwant >= CURL_HTTP_VERSION_3) {
+    /* We assume that silently not even trying H3 is ok here */
+    /* TODO: should we fail instead? */
+    try_h3 = (Curl_conn_may_http3(data, conn) == CURLE_OK);
+    try_h21 = TRUE;
+  }
+
+  result = Curl_cf_http_connect_add(data, conn, sockindex, remotehost,
+                                    try_h3, try_h21);
+out:
+  return result;
+}
+
+#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
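Review bot: In `cf_hc_query`, both timer cases store through `pres2` (`struct curltime *when = pres2; *when = ...`) without checking it, and the same pattern appears in the `CF_QUERY_TIMER_CONNECT` case added to `cf_socket_query` in cf-socket.c. The only caller visible in this file, `get_max_baller_time`, passes `&t`, but nothing here states that `pres2` must point to a `struct curltime` for these queries. A `DEBUGASSERT(pres2);` at the top of each case, in line with the asserts already used in `cf_hc_connect`, would catch a NULL argument in debug builds. A one-line comment on the query contract would cover release builds.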
diff --git a/libs/libcurl/src/cf-https-connect.h b/libs/libcurl/src/cf-https-connect.h
new file mode 100644
index 0000000000..3ca1468ea9
--- /dev/null
+++ b/libs/libcurl/src/cf-https-connect.h
@@ -0,0 +1,58 @@
+#ifndef HEADER_CURL_CF_HTTP_H
+#define HEADER_CURL_CF_HTTP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
+
+struct Curl_cfilter;
+struct Curl_easy;
+struct connectdata;
+struct Curl_cftype;
+struct Curl_dns_entry;
+
+extern struct Curl_cftype Curl_cft_http_connect;
+
+CURLcode Curl_cf_http_connect_add(struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21);
+
+CURLcode
+Curl_cf_http_connect_insert_after(struct Curl_cfilter *cf_at,
+                                  struct Curl_easy *data,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21);
+
+
+CURLcode Curl_cf_https_setup(struct Curl_easy *data,
+                             struct connectdata *conn,
+                             int sockindex,
+                             const struct Curl_dns_entry *remotehost);
+
+
+#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
+#endif /* HEADER_CURL_CF_HTTP_H */
diff --git a/libs/libcurl/src/cf-socket.c b/libs/libcurl/src/cf-socket.c
index 7cabeea978..69d44369fe 100644
--- a/libs/libcurl/src/cf-socket.c
+++ b/libs/libcurl/src/cf-socket.c
@@ -253,19 +253,6 @@ static CURLcode socket_open(struct Curl_easy *data,
   else {
     /* opensocket callback not set, so simply create the socket now */
     *sockfd = socket(addr->family, addr->socktype, addr->protocol);
-    if(!*sockfd && addr->socktype == SOCK_DGRAM) {
-      /* This is icky and seems, at least, to happen on macOS:
-       * we get sockfd == 0 and if called again, we get a valid one > 0.
-       * If we close the 0, we sometimes get failures in multi poll, as
-       * 0 seems also be the fd for the sockpair used for WAKEUP polling.
-       * Very strange. Maybe this code should be ifdef'ed for macOS, but
-       * on "real" OS, fd 0 is stdin and we never see that. So...
-       */
-      fake_sclose(*sockfd);
-      *sockfd = socket(addr->family, addr->socktype, addr->protocol);
-      DEBUGF(infof(data, "QUIRK: UDP socket() gave handle 0, 2nd attempt %d",
-                   (int)*sockfd));
-    }
   }
 
   if(*sockfd == CURL_SOCKET_BAD)
@@ -338,20 +325,6 @@ int Curl_socket_close(struct Curl_easy *data, struct connectdata *conn,
   return socket_close(data, conn, FALSE, sock);
 }
 
-bool Curl_socket_is_dead(curl_socket_t sock)
-{
-  int sval;
-  bool ret_val = TRUE;
-
-  sval = SOCKET_READABLE(sock, 0);
-  if(sval == 0)
-    /* timeout */
-    ret_val = FALSE;
-
-  return ret_val;
-}
-
-
 #ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
    experience slow performance when you copy data to a TCP server.
@@ -522,7 +495,7 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn,
         conn->ip_version = CURL_IPRESOLVE_V6;
 #endif
 
-      rc = Curl_resolv(data, dev, 0, FALSE, &h);
+      rc = Curl_resolv(data, dev, 80, FALSE, &h);
       if(rc == CURLRESOLV_PENDING)
         (void)Curl_resolver_wait_resolv(data, &h);
       conn->ip_version = ipver;
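Review bot: The port argument to `Curl_resolv()` in `bindlocal` changes from `0` to a bare `80` with no comment, although the name being resolved is the local device or host to bind to, where a port has no apparent meaning. If the value is only a placeholder, say so next to the call, for example `/* port is a dummy here, only the resolved address is used for the bind */`; the reason `0` was no longer acceptable should be confirmed and recorded in the same comment. The body of `bindlocal` starts and ends outside the hunk.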
@@ -1084,6 +1057,11 @@ static CURLcode cf_tcp_connect(struct Curl_cfilter *cf,
     if(result)
       goto out;
 
+    if(cf->connected) {
+      *done = TRUE;
+      return CURLE_OK;
+    }
+
     /* Connect TCP socket */
     rc = do_connect(cf, data, cf->conn->bits.tcp_fastopen);
     if(-1 == rc) {
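Review bot: The added `if(cf->connected)` block in `cf_tcp_connect` leaves with a direct `return CURLE_OK;`, while the error path immediately above it uses `goto out;`. The `out:` label lies outside the hunk, so whatever it does is skipped on this new path; it is worth checking that this is intended. If it is not, `*done = TRUE; result = CURLE_OK; goto out;` keeps the function on a single exit. If the early return is deliberate, a short comment saying which earlier step can already have set `cf->connected` would help, since the hunk does not show it.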
@@ -1449,22 +1427,6 @@ static CURLcode cf_socket_cntrl(struct Curl_cfilter *cf,
   case CF_CTRL_CONN_INFO_UPDATE:
     cf_socket_active(cf, data);
     break;
-  case CF_CTRL_CONN_REPORT_STATS:
-    switch(ctx->transport) {
-    case TRNSPRT_UDP:
-    case TRNSPRT_QUIC:
-      /* Since UDP connected sockets work different from TCP, we use the
-       * time of the first byte from the peer as the "connect" time. */
-      if(ctx->got_first_byte) {
-        Curl_pgrsTimeWas(data, TIMER_CONNECT, ctx->first_byte_at);
-        break;
-      }
-      /* FALLTHROUGH */
-    default:
-      Curl_pgrsTimeWas(data, TIMER_CONNECT, ctx->connected_at);
-      break;
-    }
-    break;
   case CF_CTRL_DATA_SETUP:
     Curl_persistconninfo(data, cf->conn, ctx->l_ip, ctx->l_port);
     break;
@@ -1473,38 +1435,39 @@ static CURLcode cf_socket_cntrl(struct Curl_cfilter *cf,
 }
 
 static bool cf_socket_conn_is_alive(struct Curl_cfilter *cf,
-                                    struct Curl_easy *data)
+                                    struct Curl_easy *data,
+                                    bool *input_pending)
 {
   struct cf_socket_ctx *ctx = cf->ctx;
-  int sval;
+  struct pollfd pfd[1];
+  int r;
 
+  *input_pending = FALSE;
   (void)data;
   if(!ctx || ctx->sock == CURL_SOCKET_BAD)
     return FALSE;
 
-  sval = SOCKET_READABLE(ctx->sock, 0);
-  if(sval == 0) {
-    /* timeout */
-    return TRUE;
-  }
-  else if(sval & CURL_CSELECT_ERR) {
-    /* socket is in an error state */
+  /* Check with 0 timeout if there are any events pending on the socket */
+  pfd[0].fd = ctx->sock;
+  pfd[0].events = POLLRDNORM|POLLIN|POLLRDBAND|POLLPRI;
+  pfd[0].revents = 0;
+
+  r = Curl_poll(pfd, 1, 0);
+  if(r < 0) {
+    DEBUGF(LOG_CF(data, cf, "is_alive: poll error, assume dead"));
     return FALSE;
   }
-  else if(sval & CURL_CSELECT_IN) {
-    /* readable with no error. could still be closed */
-/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
-#ifdef MSG_PEEK
-    /* use the socket */
-    char buf;
-    if(recv((RECV_TYPE_ARG1)ctx->sock, (RECV_TYPE_ARG2)&buf,
-            (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
-      return FALSE;   /* FIN received */
-    }
-#endif
+  else if(r == 0) {
+    DEBUGF(LOG_CF(data, cf, "is_alive: poll timeout, assume alive"));
     return TRUE;
   }
+  else if(pfd[0].revents & (POLLERR|POLLHUP|POLLPRI|POLLNVAL)) {
+    DEBUGF(LOG_CF(data, cf, "is_alive: err/hup/etc events, assume dead"));
+    return FALSE;
+  }
 
+  DEBUGF(LOG_CF(data, cf, "is_alive: valid events, looks alive"));
+  *input_pending = TRUE;
   return TRUE;
 }
 
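Review bot: After this rewrite `cf_socket_conn_is_alive` returns TRUE with `*input_pending = TRUE` for any readable socket, whereas the removed code peeked with `recv(..., MSG_PEEK)` and returned FALSE on a 0-byte read (FIN received). Where a peer's close is reported as readable rather than as `POLLHUP`, a half-closed connection can now be reported alive, and detecting it is left to callers acting on `input_pending`. Nothing in the hunk states that contract; a comment above the function would make it explicit, such as `/* TRUE is not proof of a usable connection: if *input_pending is set the pending input may be EOF, check before reuse */`. The same comment could note that `input_pending` must be non-NULL, since it is written unconditionally on the first line of the body.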
@@ -1527,6 +1490,24 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf,
     else
       *pres1 = -1;
     return CURLE_OK;
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    switch(ctx->transport) {
+    case TRNSPRT_UDP:
+    case TRNSPRT_QUIC:
+      /* Since UDP connected sockets work different from TCP, we use the
+       * time of the first byte from the peer as the "connect" time. */
+      if(ctx->got_first_byte) {
+        *when = ctx->first_byte_at;
+        break;
+      }
+      /* FALLTHROUGH */
+    default:
+      *when = ctx->connected_at;
+      break;
+    }
+    return CURLE_OK;
+  }
   default:
     break;
   }
@@ -1826,7 +1807,6 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data,
   Curl_conn_cf_add(data, conn, sockindex, cf);
 
   conn->sock[sockindex] = ctx->sock;
-  set_remote_ip(cf, data);
   set_local_ip(cf, data);
   ctx->active = TRUE;
   ctx->connected_at = Curl_now();
@@ -1841,6 +1821,38 @@ out:
   return result;
 }
 
+static void set_accepted_remote_ip(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+#ifdef HAVE_GETPEERNAME
+  char buffer[STRERROR_LEN];
+  struct Curl_sockaddr_storage ssrem;
+  curl_socklen_t plen;
+
+  ctx->r_ip[0] = 0;
+  ctx->r_port = 0;
+  plen = sizeof(ssrem);
+  memset(&ssrem, 0, plen);
+  if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) {
+    int error = SOCKERRNO;
+    failf(data, "getpeername() failed with errno %d: %s",
+          error, Curl_strerror(error, buffer, sizeof(buffer)));
+    return;
+  }
+  if(!Curl_addr2string((struct sockaddr*)&ssrem, plen,
+                       ctx->r_ip, &ctx->r_port)) {
+    failf(data, "ssrem inet_ntop() failed with errno %d: %s",
+          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
+    return;
+  }
+#else
+  ctx->r_ip[0] = 0;
+  ctx->r_port = 0;
+  (void)data;
+#endif
+}
+
 CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data,
                                     struct connectdata *conn,
                                     int sockindex, curl_socket_t *s)
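Review bot: set_accepted_remote_ip() calls failf() and returns when getpeername() or the address conversion fails, but being `void` it cannot tell Curl_conn_tcp_accepted_set(), which in the `-1857,13 +1869,14` hunk goes on to mark the filter connected and return CURLE_OK with `ctx->r_ip` empty. That leaves an error message recorded for a transfer that continues, and any later logic that relies on the accepted peer's address sees an empty string. Either return a CURLcode and propagate it, or log with infof() if continuing without the address is intended. The two failure paths also read the error code differently (`SOCKERRNO` versus plain `errno`); a comment saying why would help the next reader.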
@@ -1857,13 +1869,14 @@ CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data,
   socket_close(data, conn, TRUE, ctx->sock);
   ctx->sock = *s;
   conn->sock[sockindex] = ctx->sock;
-  set_remote_ip(cf, data);
+  set_accepted_remote_ip(cf, data);
   set_local_ip(cf, data);
   ctx->active = TRUE;
   ctx->accepted = TRUE;
   ctx->connected_at = Curl_now();
   cf->connected = TRUE;
-  DEBUGF(LOG_CF(data, cf, "Curl_conn_tcp_accepted_set(%d)", (int)ctx->sock));
+  DEBUGF(LOG_CF(data, cf, "accepted_set(sock=%d, remote=%s port=%d)",
+         (int)ctx->sock, ctx->r_ip, ctx->r_port));
 
   return CURLE_OK;
 }
diff --git a/libs/libcurl/src/cf-socket.h b/libs/libcurl/src/cf-socket.h
index fa9391f9a9..897a46e580 100644
--- a/libs/libcurl/src/cf-socket.h
+++ b/libs/libcurl/src/cf-socket.h
@@ -70,13 +70,6 @@ CURLcode Curl_socket_open(struct Curl_easy *data,
 int Curl_socket_close(struct Curl_easy *data, struct connectdata *conn,
                       curl_socket_t sock);
 
-/*
- * This function should return TRUE if the socket is to be assumed to
- * be dead. Most commonly this happens when the server has closed the
- * connection due to inactivity.
- */
-bool Curl_socket_is_dead(curl_socket_t sock);
-
 /**
  * Determine the curl code for a socket connect() == -1 with errno.
  */
diff --git a/libs/libcurl/src/cfilters.c b/libs/libcurl/src/cfilters.c
index 8d65681ce1..ffd0dbc883 100644
--- a/libs/libcurl/src/cfilters.c
+++ b/libs/libcurl/src/cfilters.c
@@ -124,10 +124,11 @@ ssize_t  Curl_cf_def_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
 }
 
 bool Curl_cf_def_conn_is_alive(struct Curl_cfilter *cf,
-                               struct Curl_easy *data)
+                               struct Curl_easy *data,
+                               bool *input_pending)
 {
   return cf->next?
-    cf->next->cft->is_alive(cf->next, data) :
+    cf->next->cft->is_alive(cf->next, data, input_pending) :
     FALSE; /* pessimistic in absence of data */
 }
 
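Review bot: Curl_cf_def_conn_is_alive() returns FALSE without storing anything to `*input_pending` when `cf->next` is NULL, whereas cf_socket_conn_is_alive() clears it first; a caller that declares the flag without an initialiser and reads it after the call would read an indeterminate value. Curl_conn_is_alive() in the `-608,16 +612,32` hunk has the same gap when `cf` is NULL or `bits.close` is set, because the `&&` chain short-circuits before any filter runs. Adding `*input_pending = FALSE;` as the first statement of both functions makes the out-parameter defined on every path. The callers are not part of this section, so whether any of them reads it uninitialised cannot be confirmed from here.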
@@ -370,9 +371,12 @@ CURLcode Curl_conn_connect(struct Curl_easy *data,
     result = cf->cft->connect(cf, data, blocking, done);
     if(!result && *done) {
       Curl_conn_ev_update_info(data, data->conn);
-      Curl_conn_ev_report_stats(data, data->conn);
+      Curl_conn_report_connect_stats(data, data->conn);
       data->conn->keepalive = Curl_now();
     }
+    else if(result) {
+      Curl_conn_report_connect_stats(data, data->conn);
+    }
   }
 
   return result;
@@ -608,16 +612,32 @@ void Curl_conn_ev_update_info(struct Curl_easy *data,
   cf_cntrl_all(conn, data, TRUE, CF_CTRL_CONN_INFO_UPDATE, 0, NULL);
 }
 
-void Curl_conn_ev_report_stats(struct Curl_easy *data,
-                               struct connectdata *conn)
+void Curl_conn_report_connect_stats(struct Curl_easy *data,
+                                    struct connectdata *conn)
 {
-  cf_cntrl_all(conn, data, TRUE, CF_CTRL_CONN_REPORT_STATS, 0, NULL);
+  struct Curl_cfilter *cf = conn->cfilter[FIRSTSOCKET];
+  if(cf) {
+    struct curltime connected;
+    struct curltime appconnected;
+
+    memset(&connected, 0, sizeof(connected));
+    cf->cft->query(cf, data, CF_QUERY_TIMER_CONNECT, NULL, &connected);
+    if(connected.tv_sec || connected.tv_usec)
+      Curl_pgrsTimeWas(data, TIMER_CONNECT, connected);
+
+    memset(&appconnected, 0, sizeof(appconnected));
+    cf->cft->query(cf, data, CF_QUERY_TIMER_APPCONNECT, NULL, &appconnected);
+    if(appconnected.tv_sec || appconnected.tv_usec)
+      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, appconnected);
+  }
 }
 
-bool Curl_conn_is_alive(struct Curl_easy *data, struct connectdata *conn)
+bool Curl_conn_is_alive(struct Curl_easy *data, struct connectdata *conn,
+                        bool *input_pending)
 {
   struct Curl_cfilter *cf = conn->cfilter[FIRSTSOCKET];
-  return cf && !cf->conn->bits.close && cf->cft->is_alive(cf, data);
+  return cf && !cf->conn->bits.close &&
+         cf->cft->is_alive(cf, data, input_pending);
 }
 
 CURLcode Curl_conn_keep_alive(struct Curl_easy *data,
diff --git a/libs/libcurl/src/cfilters.h b/libs/libcurl/src/cfilters.h
index 244b956918..3a50fadcd8 100644
--- a/libs/libcurl/src/cfilters.h
+++ b/libs/libcurl/src/cfilters.h
@@ -85,7 +85,8 @@ typedef ssize_t  Curl_cft_recv(struct Curl_cfilter *cf,
                                CURLcode *err);         /* error to return */
 
 typedef bool     Curl_cft_conn_is_alive(struct Curl_cfilter *cf,
-                                        struct Curl_easy *data);
+                                        struct Curl_easy *data,
+                                        bool *input_pending);
 
 typedef CURLcode Curl_cft_conn_keep_alive(struct Curl_cfilter *cf,
                                           struct Curl_easy *data);
@@ -109,8 +110,6 @@ typedef CURLcode Curl_cft_conn_keep_alive(struct Curl_cfilter *cf,
 #define CF_CTRL_DATA_DONE_SEND        8  /* 0          NULL     ignored */
 /* update conn info at connection and data */
 #define CF_CTRL_CONN_INFO_UPDATE (256+0) /* 0          NULL     ignored */
-/* report conn statistics (timers) for connection and data */
-#define CF_CTRL_CONN_REPORT_STATS (256+1) /* 0         NULL     ignored */
 
 /**
  * Handle event/control for the filter.
@@ -138,6 +137,8 @@ typedef CURLcode Curl_cft_cntrl(struct Curl_cfilter *cf,
 #define CF_QUERY_MAX_CONCURRENT     1  /* number     -        */
 #define CF_QUERY_CONNECT_REPLY_MS   2  /* number     -        */
 #define CF_QUERY_SOCKET             3  /* -          curl_socket_t */
+#define CF_QUERY_TIMER_CONNECT      4  /* -          struct curltime */
+#define CF_QUERY_TIMER_APPCONNECT   5  /* -          struct curltime */
 
 /**
  * Query the cfilter for properties. Filters ignorant of a query will
@@ -216,7 +217,8 @@ CURLcode Curl_cf_def_cntrl(struct Curl_cfilter *cf,
                                 struct Curl_easy *data,
                                 int event, int arg1, void *arg2);
 bool     Curl_cf_def_conn_is_alive(struct Curl_cfilter *cf,
-                                   struct Curl_easy *data);
+                                   struct Curl_easy *data,
+                                   bool *input_pending);
 CURLcode Curl_cf_def_conn_keep_alive(struct Curl_cfilter *cf,
                                      struct Curl_easy *data);
 CURLcode Curl_cf_def_query(struct Curl_cfilter *cf,
@@ -435,15 +437,16 @@ void Curl_conn_ev_update_info(struct Curl_easy *data,
                               struct connectdata *conn);
 
 /**
- * Inform connection filters to report statistics.
+ * Update connection statistics
  */
-void Curl_conn_ev_report_stats(struct Curl_easy *data,
-                               struct connectdata *conn);
+void Curl_conn_report_connect_stats(struct Curl_easy *data,
+                                    struct connectdata *conn);
 
 /**
  * Check if FIRSTSOCKET's cfilter chain deems connection alive.
  */
-bool Curl_conn_is_alive(struct Curl_easy *data, struct connectdata *conn);
+bool Curl_conn_is_alive(struct Curl_easy *data, struct connectdata *conn,
+                        bool *input_pending);
 
 /**
  * Try to upkeep the connection filters at sockindex.
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h
index f014d4746c..e12ab552fd 100644
--- a/libs/libcurl/src/config-win32.h
+++ b/libs/libcurl/src/config-win32.h
@@ -39,10 +39,18 @@
 #define HAVE_FCNTL_H 1
 
 /* Define to 1 if you have the <inttypes.h> header file. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1800)
+#if defined(__MINGW32__) || \
+    (defined(_MSC_VER) && (_MSC_VER >= 1800))
 #define HAVE_INTTYPES_H 1
 #endif
 
+/* Define to 1 if you have the <stdint.h> header file. */
+#if defined(__MINGW32__) || defined(__POCC__) || \
+    (defined(_MSC_VER) && (_MSC_VER >= 1600)) || \
+    (defined(__BORLANDC__) && (__BORLANDC__ >= 0x0582))
+#define HAVE_STDINT_H 1
+#endif
+
 /* Define if you have the <io.h> header file. */
 #define HAVE_IO_H 1
 
@@ -197,10 +205,6 @@
 /* Define if you have the socket function. */
 #define HAVE_SOCKET 1
 
-/* Define if libSSH2 is in use */
-#define USE_LIBSSH2 1
-#define HAVE_LIBSSH2_H 1
-
 /* Define if you have the strcasecmp function. */
 #ifdef __MINGW32__
 #define HAVE_STRCASECMP 1
@@ -619,9 +623,6 @@ Vista
 #  define CURL_DISABLE_LDAP 1
 #endif
 
-/* if SSL is enabled */
-#define USE_OPENSSL 1
-
 /* Define to use the Windows crypto library. */
 #if !defined(CURL_WINDOWS_APP)
 #define USE_WIN32_CRYPTO
diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c
index 54075da7e6..5b17a1b7b1 100644
--- a/libs/libcurl/src/conncache.c
+++ b/libs/libcurl/src/conncache.c
@@ -45,13 +45,6 @@
 
 #define HASHKEY_SIZE 128
 
-static void conn_llist_dtor(void *user, void *element)
-{
-  struct connectdata *conn = element;
-  (void)user;
-  conn->bundle = NULL;
-}
-
 static CURLcode bundle_create(struct connectbundle **bundlep)
 {
   DEBUGASSERT(*bundlep == NULL);
@@ -62,17 +55,12 @@ static CURLcode bundle_create(struct connectbundle **bundlep)
   (*bundlep)->num_connections = 0;
   (*bundlep)->multiuse = BUNDLE_UNKNOWN;
 
-  Curl_llist_init(&(*bundlep)->conn_list, (Curl_llist_dtor) conn_llist_dtor);
+  Curl_llist_init(&(*bundlep)->conn_list, NULL);
   return CURLE_OK;
 }
 
 static void bundle_destroy(struct connectbundle *bundle)
 {
-  if(!bundle)
-    return;
-
-  Curl_llist_destroy(&bundle->conn_list, NULL);
-
   free(bundle);
 }
 
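Review bot: bundle_destroy() now frees the bundle without touching `conn_list`, and the list is created with a NULL destructor, so nothing resets `conn->bundle` any more for a connection that is still linked when the bundle goes away. That is safe only if every caller empties the bundle first, which this hunk does not show; otherwise the connection would keep a pointer to freed memory. Making the precondition explicit would catch a violation in debug builds: `DEBUGASSERT(!bundle || !bundle->num_connections);` before `free(bundle);`.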
diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c
index e17bf235be..5b715acf58 100644
--- a/libs/libcurl/src/connect.c
+++ b/libs/libcurl/src/connect.c
@@ -59,7 +59,7 @@
 #include "strerror.h"
 #include "cfilters.h"
 #include "connect.h"
-#include "cf-http.h"
+#include "cf-https-connect.h"
 #include "cf-socket.h"
 #include "select.h"
 #include "url.h" /* for Curl_safefree() */
@@ -957,6 +957,28 @@ static bool cf_he_data_pending(struct Curl_cfilter *cf,
   return FALSE;
 }
 
+static struct curltime get_max_baller_time(struct Curl_cfilter *cf,
+                                          struct Curl_easy *data,
+                                          int query)
+{
+  struct cf_he_ctx *ctx = cf->ctx;
+  struct curltime t, tmax;
+  size_t i;
+
+  memset(&tmax, 0, sizeof(tmax));
+  for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    struct eyeballer *baller = ctx->baller[i];
+
+    memset(&t, 0, sizeof(t));
+    if(baller && baller->cf &&
+       !baller->cf->cft->query(baller->cf, data, query, NULL, &t)) {
+      if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0)
+        tmax = t;
+    }
+  }
+  return tmax;
+}
+
 static CURLcode cf_he_query(struct Curl_cfilter *cf,
                             struct Curl_easy *data,
                             int query, int *pres1, void *pres2)
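Review bot: get_max_baller_time() is added without a comment, and its contract is not obvious from the name: it returns an all-zero `struct curltime` when no baller answers, and a baller whose query() returns an error is skipped silently. A header such as `/* Return the latest non-zero timestamp any baller's filter reports for 'query'; all-zero if none reports one. */` would document both. The callers in cf_he_query() store the result unconditionally, so it is worth saying that zero means "not set".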
@@ -984,7 +1006,16 @@ static CURLcode cf_he_query(struct Curl_cfilter *cf,
       DEBUGF(LOG_CF(data, cf, "query connect reply: %dms", *pres1));
       return CURLE_OK;
     }
-
+    case CF_QUERY_TIMER_CONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_CONNECT);
+      return CURLE_OK;
+    }
+    case CF_QUERY_TIMER_APPCONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT);
+      return CURLE_OK;
+    }
     default:
       break;
     }
diff --git a/libs/libcurl/src/content_encoding.c b/libs/libcurl/src/content_encoding.c
index eba1f319c4..6858b4547f 100644
--- a/libs/libcurl/src/content_encoding.c
+++ b/libs/libcurl/src/content_encoding.c
@@ -33,7 +33,15 @@
 #endif
 
 #ifdef HAVE_BROTLI
+#if defined(__GNUC__)
+/* Ignore -Wvla warnings in brotli headers */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
 #include <brotli/decode.h>
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
 #endif
 
 #ifdef HAVE_ZSTD
diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c
index ccb25cdc51..77e202b6c6 100644
--- a/libs/libcurl/src/cookie.c
+++ b/libs/libcurl/src/cookie.c
@@ -101,13 +101,14 @@ Example set of cookies:
 #include "parsedate.h"
 #include "rename.h"
 #include "fopen.h"
+#include "strdup.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
 #include "memdebug.h"
 
-static void strstore(char **str, const char *newstr);
+static void strstore(char **str, const char *newstr, size_t len);
 
 static void freecookie(struct Cookie *co)
 {
@@ -122,15 +123,17 @@ static void freecookie(struct Cookie *co)
   free(co);
 }
 
-static bool tailmatch(const char *cooke_domain, const char *hostname)
+static bool tailmatch(const char *cookie_domain, size_t cookie_domain_len,
+                      const char *hostname)
 {
-  size_t cookie_domain_len = strlen(cooke_domain);
   size_t hostname_len = strlen(hostname);
 
   if(hostname_len < cookie_domain_len)
     return FALSE;
 
-  if(!strcasecompare(cooke_domain, hostname + hostname_len-cookie_domain_len))
+  if(!strncasecompare(cookie_domain,
+                      hostname + hostname_len-cookie_domain_len,
+                      cookie_domain_len))
     return FALSE;
 
   /*
@@ -176,7 +179,7 @@ static bool pathmatch(const char *cookie_path, const char *request_uri)
 
   /* #-fragments are already cut off! */
   if(0 == strlen(uri_path) || uri_path[0] != '/') {
-    strstore(&uri_path, "/");
+    strstore(&uri_path, "/", 1);
     if(!uri_path)
       return FALSE;
   }
@@ -310,7 +313,7 @@ static char *sanitize_cookie_path(const char *cookie_path)
   /* RFC6265 5.2.4 The Path Attribute */
   if(new_path[0] != '/') {
     /* Let cookie-path be the default-path. */
-    strstore(&new_path, "/");
+    strstore(&new_path, "/", 1);
     return new_path;
   }
 
@@ -333,10 +336,9 @@ void Curl_cookie_loadfiles(struct Curl_easy *data)
   if(list) {
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
     while(list) {
-      struct CookieInfo *newcookies = Curl_cookie_init(data,
-                                        list->data,
-                                        data->cookies,
-                                        data->set.cookiesession);
+      struct CookieInfo *newcookies =
+        Curl_cookie_init(data, list->data, data->cookies,
+                         data->set.cookiesession);
       if(!newcookies)
         /*
          * Failure may be due to OOM or a bad cookie; both are ignored
@@ -360,10 +362,14 @@ void Curl_cookie_loadfiles(struct Curl_easy *data)
  * parsing in a last-wins scenario. The caller is responsible for checking
  * for OOM errors.
  */
-static void strstore(char **str, const char *newstr)
+static void strstore(char **str, const char *newstr, size_t len)
 {
+  DEBUGASSERT(newstr);
+  DEBUGASSERT(str);
   free(*str);
-  *str = strdup(newstr);
+  *str = Curl_memdup(newstr, len + 1);
+  if(*str)
+    (*str)[len] = 0;
 }
 
 /*
@@ -425,15 +431,19 @@ static void remove_expired(struct CookieInfo *cookies)
 }
 
 /* Make sure domain contains a dot or is localhost. */
-static bool bad_domain(const char *domain)
+static bool bad_domain(const char *domain, size_t len)
 {
-  if(strcasecompare(domain, "localhost"))
+  if((len == 9) && strncasecompare(domain, "localhost", 9))
     return FALSE;
   else {
     /* there must be a dot present, but that dot must not be a trailing dot */
-    char *dot = strchr(domain, '.');
-    if(dot)
-      return dot[1] ? FALSE : TRUE;
+    char *dot = memchr(domain, '.', len);
+    if(dot) {
+      size_t i = dot - domain;
+      if((len - i) > 1)
+        /* the dot is not the last byte */
+        return FALSE;
+    }
   }
   return TRUE;
 }
@@ -513,10 +523,9 @@ Curl_cookie_add(struct Curl_easy *data,
 
   if(httpheader) {
     /* This line was read off an HTTP-header */
-    char name[MAX_NAME];
-    char what[MAX_NAME];
+    const char *namep;
+    const char *valuep;
     const char *ptr;
-    const char *semiptr;
 
     size_t linelength = strlen(lineptr);
     if(linelength > MAX_COOKIE_LINE) {
@@ -525,73 +534,65 @@ Curl_cookie_add(struct Curl_easy *data,
       return NULL;
     }
 
-    semiptr = strchr(lineptr, ';'); /* first, find a semicolon */
-
-    while(*lineptr && ISBLANK(*lineptr))
-      lineptr++;
-
     ptr = lineptr;
     do {
-      /* we have a <what>=<this> pair or a stand-alone word here */
-      name[0] = what[0] = 0; /* init the buffers */
-      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\t\r\n=] =%"
-                     MAX_NAME_TXT "[^;\r\n]",
-                     name, what)) {
-        /*
-         * Use strstore() below to properly deal with received cookie
-         * headers that have the same string property set more than once,
-         * and then we use the last one.
-         */
-        const char *whatptr;
+      size_t vlen;
+      size_t nlen;
+
+      while(*ptr && ISBLANK(*ptr))
+        ptr++;
+
+      /* we have a <name>=<value> pair or a stand-alone word here */
+      nlen = strcspn(ptr, ";\t\r\n=");
+      if(nlen) {
         bool done = FALSE;
-        bool sep;
-        size_t len = strlen(what);
-        size_t nlen = strlen(name);
-        const char *endofn = &ptr[ nlen ];
+        bool sep = FALSE;
 
-        /*
-         * Check for too long individual name or contents, or too long
-         * combination of name + contents. Chrome and Firefox support 4095 or
-         * 4096 bytes combo
-         */
-        if(nlen >= (MAX_NAME-1) || len >= (MAX_NAME-1) ||
-           ((nlen + len) > MAX_NAME)) {
-          freecookie(co);
-          infof(data, "oversized cookie dropped, name/val %zu + %zu bytes",
-                nlen, len);
-          return NULL;
-        }
+        namep = ptr;
+        ptr += nlen;
 
-        /* name ends with a '=' ? */
-        sep = (*endofn == '=')?TRUE:FALSE;
+        /* trim trailing spaces and tabs after name */
+        while(nlen && ISBLANK(namep[nlen - 1]))
+          nlen--;
 
-        if(nlen) {
-          endofn--; /* move to the last character */
-          if(ISBLANK(*endofn)) {
-            /* skip trailing spaces in name */
-            while(*endofn && ISBLANK(*endofn) && nlen) {
-              endofn--;
-              nlen--;
-            }
-            name[nlen] = 0; /* new end of name */
+        if(*ptr == '=') {
+          vlen = strcspn(++ptr, ";\r\n");
+          valuep = ptr;
+          sep = TRUE;
+          ptr = &valuep[vlen];
+
+          /* Strip off trailing whitespace from the value */
+          while(vlen && ISBLANK(valuep[vlen-1]))
+            vlen--;
+
+          /* Skip leading whitespace from the value */
+          while(vlen && ISBLANK(*valuep)) {
+            valuep++;
+            vlen--;
           }
-        }
 
-        /* Strip off trailing whitespace from the 'what' */
-        while(len && ISBLANK(what[len-1])) {
-          what[len-1] = 0;
-          len--;
+          /* Reject cookies with a TAB inside the value */
+          if(memchr(valuep, '\t', vlen)) {
+            freecookie(co);
+            infof(data, "cookie contains TAB, dropping");
+            return NULL;
+          }
+        }
+        else {
+          valuep = NULL;
+          vlen = 0;
         }
 
-        /* Skip leading whitespace from the 'what' */
-        whatptr = what;
-        while(*whatptr && ISBLANK(*whatptr))
-          whatptr++;
-
-        /* Reject cookies with a TAB inside the content */
-        if(strchr(whatptr, '\t')) {
+        /*
+         * Check for too long individual name or contents, or too long
+         * combination of name + contents. Chrome and Firefox support 4095 or
+         * 4096 bytes combo
+         */
+        if(nlen >= (MAX_NAME-1) || vlen >= (MAX_NAME-1) ||
+           ((nlen + vlen) > MAX_NAME)) {
           freecookie(co);
-          infof(data, "cookie contains TAB, dropping");
+          infof(data, "oversized cookie dropped, name/val %zu + %zu bytes",
+                nlen, vlen);
           return NULL;
         }
 
@@ -601,13 +602,19 @@ Curl_cookie_add(struct Curl_easy *data,
          * "the rest". Prefixes must start with '__' and end with a '-', so
          * only test for names where that can possibly be true.
          */
-        if(nlen > 3 && name[0] == '_' && name[1] == '_') {
-          if(strncasecompare("__Secure-", name, 9))
+        if(nlen >= 7 && namep[0] == '_' && namep[1] == '_') {
+          if(strncasecompare("__Secure-", namep, 9))
             co->prefix |= COOKIE_PREFIX__SECURE;
-          else if(strncasecompare("__Host-", name, 7))
+          else if(strncasecompare("__Host-", namep, 7))
             co->prefix |= COOKIE_PREFIX__HOST;
         }
 
+        /*
+         * Use strstore() below to properly deal with received cookie
+         * headers that have the same string property set more than once,
+         * and then we use the last one.
+         */
+
         if(!co->name) {
           /* The very first name/value pair is the actual cookie name */
           if(!sep) {
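Review bot: The `__Secure-` test compares 9 bytes of `namep` although the guard only guarantees `nlen >= 7`, so for a 7- or 8-byte name the comparison runs past the name into the rest of the header line. As far as I can see it cannot match there, because the byte after the name is a delimiter or a trimmed blank, but the bound is implicit now that `namep` is no longer a terminated copy. Writing `if(nlen >= 9 && strncasecompare("__Secure-", namep, 9))` keeps each comparison inside the name. Curl_cookie_add() starts and ends outside this hunk.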
@@ -615,20 +622,20 @@ Curl_cookie_add(struct Curl_easy *data,
             badcookie = TRUE;
             break;
           }
-          co->name = strdup(name);
-          co->value = strdup(whatptr);
+          strstore(&co->name, namep, nlen);
+          strstore(&co->value, valuep, vlen);
           done = TRUE;
           if(!co->name || !co->value) {
             badcookie = TRUE;
             break;
           }
-          if(invalid_octets(whatptr) || invalid_octets(name)) {
+          if(invalid_octets(co->value) || invalid_octets(co->name)) {
             infof(data, "invalid octets in name/value, cookie dropped");
             badcookie = TRUE;
             break;
           }
         }
-        else if(!len) {
+        else if(!vlen) {
           /*
            * this was a "<name>=" with no content, and we must allow
            * 'secure' and 'httponly' specified this weirdly
@@ -639,7 +646,7 @@ Curl_cookie_add(struct Curl_easy *data,
            * using a secure protocol, or when the cookie is being set by
            * reading from file
            */
-          if(strcasecompare("secure", name)) {
+          if((nlen == 6) && strncasecompare("secure", namep, 6)) {
             if(secure || !c->running) {
               co->secure = TRUE;
             }
@@ -648,7 +655,7 @@ Curl_cookie_add(struct Curl_easy *data,
               break;
             }
           }
-          else if(strcasecompare("httponly", name))
+          else if((nlen == 8) && strncasecompare("httponly", namep, 8))
             co->httponly = TRUE;
           else if(sep)
             /* there was a '=' so we're not done parsing this field */
@@ -656,8 +663,8 @@ Curl_cookie_add(struct Curl_easy *data,
         }
         if(done)
           ;
-        else if(strcasecompare("path", name)) {
-          strstore(&co->path, whatptr);
+        else if((nlen == 4) && strncasecompare("path", namep, 4)) {
+          strstore(&co->path, valuep, vlen);
           if(!co->path) {
             badcookie = TRUE; /* out of memory bad */
             break;
@@ -669,7 +676,8 @@ Curl_cookie_add(struct Curl_easy *data,
             break;
           }
         }
-        else if(strcasecompare("domain", name) && whatptr[0]) {
+        else if((nlen == 6) &&
+                strncasecompare("domain", namep, 6) && vlen) {
           bool is_ip;
 
           /*
@@ -677,8 +685,10 @@ Curl_cookie_add(struct Curl_easy *data,
            * the given domain is not valid and thus cannot be set.
            */
 
-          if('.' == whatptr[0])
-            whatptr++; /* ignore preceding dot */
+          if('.' == valuep[0]) {
+            valuep++; /* ignore preceding dot */
+            vlen--;
+          }
 
 #ifndef USE_LIBPSL
           /*
@@ -686,16 +696,17 @@ Curl_cookie_add(struct Curl_easy *data,
            * TLD or otherwise "protected" suffix. To reduce risk, we require a
            * dot OR the exact host name being "localhost".
            */
-          if(bad_domain(whatptr))
+          if(bad_domain(valuep, vlen))
             domain = ":";
 #endif
 
-          is_ip = Curl_host_is_ipnum(domain ? domain : whatptr);
+          is_ip = Curl_host_is_ipnum(domain ? domain : valuep);
 
           if(!domain
-             || (is_ip && !strcmp(whatptr, domain))
-             || (!is_ip && tailmatch(whatptr, domain))) {
-            strstore(&co->domain, whatptr);
+             || (is_ip && !strncmp(valuep, domain, vlen) &&
+                 (vlen == strlen(domain)))
+             || (!is_ip && tailmatch(valuep, vlen, domain))) {
+            strstore(&co->domain, valuep, vlen);
             if(!co->domain) {
               badcookie = TRUE;
               break;
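Review bot: `Curl_host_is_ipnum(domain ? domain : valuep)` still treats `valuep` as a C string, but after this rewrite `valuep` points into the header line and is not terminated at `vlen`. When `domain` is NULL the check therefore sees the domain value plus whatever attributes follow it, so an IP literal followed by `; path=/` would presumably not be classified as an IP and would take the tail-match path instead of the exact-match one. The `%s` of `valuep` in the infof() of the `-711,17 +722,17` hunk has the same problem and logs the rest of the line; `"%.*s"` with `(int)vlen, valuep` would print only the domain. For the IP test, run it on a terminated copy of the `vlen` bytes. Curl_cookie_add() starts and ends outside this hunk.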
@@ -711,17 +722,17 @@ Curl_cookie_add(struct Curl_easy *data,
              */
             badcookie = TRUE;
             infof(data, "skipped cookie with bad tailmatch domain: %s",
-                  whatptr);
+                  valuep);
           }
         }
-        else if(strcasecompare("version", name)) {
-          strstore(&co->version, whatptr);
+        else if((nlen == 7) && strncasecompare("version", namep, 7)) {
+          strstore(&co->version, valuep, vlen);
           if(!co->version) {
             badcookie = TRUE;
             break;
           }
         }
-        else if(strcasecompare("max-age", name)) {
+        else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
           /*
            * Defined in RFC2109:
            *
@@ -731,14 +742,14 @@ Curl_cookie_add(struct Curl_easy *data,
            * client should discard the cookie.  A value of zero means the
            * cookie should be discarded immediately.
            */
-          strstore(&co->maxage, whatptr);
+          strstore(&co->maxage, valuep, vlen);
           if(!co->maxage) {
             badcookie = TRUE;
             break;
           }
         }
-        else if(strcasecompare("expires", name)) {
-          strstore(&co->expirestr, whatptr);
+        else if((nlen == 7) && strncasecompare("expires", namep, 7)) {
+          strstore(&co->expirestr, valuep, vlen);
           if(!co->expirestr) {
             badcookie = TRUE;
             break;
@@ -753,24 +764,13 @@ Curl_cookie_add(struct Curl_easy *data,
         /* this is an "illegal" <what>=<this> pair */
       }
 
-      if(!semiptr || !*semiptr) {
-        /* we already know there are no more cookies */
-        semiptr = NULL;
-        continue;
-      }
-
-      ptr = semiptr + 1;
       while(*ptr && ISBLANK(*ptr))
         ptr++;
-      semiptr = strchr(ptr, ';'); /* now, find the next semicolon */
-
-      if(!semiptr && *ptr)
-        /*
-         * There are no more semicolons, but there's a final name=value pair
-         * coming up
-         */
-        semiptr = strchr(ptr, '\0');
-    } while(semiptr);
+      if(*ptr == ';')
+        ptr++;
+      else
+        break;
+    } while(1);
 
     if(co->maxage) {
       CURLofft offt;
@@ -1057,7 +1057,7 @@ Curl_cookie_add(struct Curl_easy *data,
       Curl_psl_release(data);
     }
     else
-      acceptable = !bad_domain(domain);
+      acceptable = !bad_domain(domain, strlen(domain));
 
     if(!acceptable) {
       infof(data, "cookie '%s' dropped, domain '%s' must not "
@@ -1447,7 +1447,8 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
 
       /* now check if the domain is correct */
       if(!co->domain ||
-         (co->tailmatch && !is_ip && tailmatch(co->domain, host)) ||
+         (co->tailmatch && !is_ip &&
+          tailmatch(co->domain, co->domain? strlen(co->domain):0, host)) ||
          ((!co->tailmatch || is_ip) && strcasecompare(host, co->domain)) ) {
         /*
          * the right part of the host matches the domain stuff in the
@@ -1798,11 +1799,6 @@ void Curl_flush_cookies(struct Curl_easy *data, bool cleanup)
   CURLcode res;
 
   if(data->set.str[STRING_COOKIEJAR]) {
-    /* If there is a list of cookie files to read, do it first so that
-       we have all the told files read before we write the new jar.
-       Curl_cookie_loadfiles() LOCKS and UNLOCKS the share itself! */
-    Curl_cookie_loadfiles(data);
-
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
 
     /* if we have a destination file for all the cookies to get dumped to */
diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in
index 9770e36c07..2aa6ef4803 100644
--- a/libs/libcurl/src/curl_config.h.in
+++ b/libs/libcurl/src/curl_config.h.in
@@ -141,6 +141,9 @@
 /* Define to 1 if you have the alarm function. */
 #undef HAVE_ALARM
 
+/* Define to 1 if you have the `arc4random' function. */
+#undef HAVE_ARC4RANDOM
+
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #undef HAVE_ARPA_INET_H
 
diff --git a/libs/libcurl/src/curl_gssapi.c b/libs/libcurl/src/curl_gssapi.c
index e4c26397a0..10506bf674 100644
--- a/libs/libcurl/src/curl_gssapi.c
+++ b/libs/libcurl/src/curl_gssapi.c
@@ -34,10 +34,16 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
-gss_OID_desc Curl_spnego_mech_oid = {
+#if defined(__GNUC__)
+#define CURL_ALIGN8   __attribute__ ((aligned(8)))
+#else
+#define CURL_ALIGN8
+#endif
+
+gss_OID_desc Curl_spnego_mech_oid CURL_ALIGN8 = {
   6, (char *)"\x2b\x06\x01\x05\x05\x02"
 };
-gss_OID_desc Curl_krb5_mech_oid = {
+gss_OID_desc Curl_krb5_mech_oid CURL_ALIGN8 = {
   9, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
 };
 
diff --git a/libs/libcurl/src/curl_log.c b/libs/libcurl/src/curl_log.c
index 0825e27183..ab1cf29ed6 100644
--- a/libs/libcurl/src/curl_log.c
+++ b/libs/libcurl/src/curl_log.c
@@ -38,7 +38,7 @@
 #include "connect.h"
 #include "http2.h"
 #include "http_proxy.h"
-#include "cf-http.h"
+#include "cf-https-connect.h"
 #include "socks.h"
 #include "strtok.h"
 #include "vtls/vtls.h"
diff --git a/libs/libcurl/src/curl_path.c b/libs/libcurl/src/curl_path.c
index e861698c65..0b2f796d1f 100644
--- a/libs/libcurl/src/curl_path.c
+++ b/libs/libcurl/src/curl_path.c
@@ -32,70 +32,65 @@
 #include "escape.h"
 #include "memdebug.h"
 
+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
+
 /* figure out the path to work with in this particular request */
 CURLcode Curl_getworkingpath(struct Curl_easy *data,
                              char *homedir,  /* when SFTP is used */
                              char **path) /* returns the  allocated
                                              real path to work with */
 {
-  char *real_path = NULL;
   char *working_path;
   size_t working_path_len;
+  struct dynbuf npath;
   CURLcode result =
     Curl_urldecode(data->state.up.path, 0, &working_path,
                    &working_path_len, REJECT_ZERO);
   if(result)
     return result;
 
+  /* new path to switch to in case we need to */
+  Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
+
   /* Check for /~/, indicating relative to the user's home directory */
-  if(data->conn->handler->protocol & CURLPROTO_SCP) {
-    real_path = malloc(working_path_len + 1);
-    if(!real_path) {
+  if((data->conn->handler->protocol & CURLPROTO_SCP) &&
+     (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
+    /* It is referenced to the home directory, so strip the leading '/~/' */
+    if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
       free(working_path);
       return CURLE_OUT_OF_MEMORY;
     }
-    if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
-      /* It is referenced to the home directory, so strip the leading '/~/' */
-      memcpy(real_path, working_path + 3, working_path_len - 2);
-    else
-      memcpy(real_path, working_path, 1 + working_path_len);
   }
-  else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
-    if((working_path_len > 1) && (working_path[1] == '~')) {
-      size_t homelen = strlen(homedir);
-      real_path = malloc(homelen + working_path_len + 1);
-      if(!real_path) {
-        free(working_path);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      /* It is referenced to the home directory, so strip the
-         leading '/' */
-      memcpy(real_path, homedir, homelen);
-      /* Only add a trailing '/' if homedir does not end with one */
-      if(homelen == 0 || real_path[homelen - 1] != '/') {
-        real_path[homelen] = '/';
-        homelen++;
-        real_path[homelen] = '\0';
-      }
-      if(working_path_len > 3) {
-        memcpy(real_path + homelen, working_path + 3,
-               1 + working_path_len -3);
-      }
+  else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+          (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+    size_t len;
+    const char *p;
+    int copyfrom = 3;
+    if(Curl_dyn_add(&npath, homedir)) {
+      free(working_path);
+      return CURLE_OUT_OF_MEMORY;
     }
-    else {
-      real_path = malloc(working_path_len + 1);
-      if(!real_path) {
-        free(working_path);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      memcpy(real_path, working_path, 1 + working_path_len);
+    /* Copy a separating '/' if homedir does not end with one */
+    len = Curl_dyn_len(&npath);
+    p = Curl_dyn_ptr(&npath);
+    if(len && (p[len-1] != '/'))
+      copyfrom = 2;
+
+    if(Curl_dyn_addn(&npath,
+                     &working_path[copyfrom], working_path_len - copyfrom)) {
+      free(working_path);
+      return CURLE_OUT_OF_MEMORY;
     }
   }
 
-  free(working_path);
+  if(Curl_dyn_len(&npath)) {
+    free(working_path);
 
-  /* store the pointer for the caller to receive */
-  *path = real_path;
+    /* store the pointer for the caller to receive */
+    *path = Curl_dyn_ptr(&npath);
+  }
+  else
+    *path = working_path;
 
   return CURLE_OK;
 }
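Review bot: The final `Curl_dyn_len(&npath)` test decides which buffer is returned, and in the SFTP branch an empty `homedir` breaks that assumption. `/~/abc` becomes the relative `abc`, where the removed code inserted a `/` when `homelen == 0`. A path of exactly `/~/` leaves `npath` at length zero, so `working_path` is returned unchanged, and any buffer the dynbuf allocated for the empty string would presumably be leaked. Whether `homedir` can be empty or NULL depends on the caller, which is outside this hunk. Deciding with an explicit flag set inside the two branches, rather than with the buffer length, would remove the ambiguity. The comment on `path` should also say that the result is heap-allocated and owned by the caller in both cases.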
diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h
index 888e2b76a9..bf95ff1a7d 100644
--- a/libs/libcurl/src/curl_setup.h
+++ b/libs/libcurl/src/curl_setup.h
@@ -61,6 +61,16 @@
 #  ifndef NOGDI
 #    define NOGDI
 #  endif
+/* Detect Windows App environment which has a restricted access
+ * to the Win32 APIs. */
+# if (defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602)) || \
+  defined(WINAPI_FAMILY)
+#  include <winapifamily.h>
+#  if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) &&  \
+     !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#    define CURL_WINDOWS_APP
+#  endif
+# endif
 #endif
 
 /*
@@ -431,8 +441,8 @@
 #  endif
 #endif
 
-#if (SIZEOF_CURL_OFF_T == 4)
-#  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
+#if (SIZEOF_CURL_OFF_T < 8)
+#error "too small curl_off_t"
 #else
    /* assume SIZEOF_CURL_OFF_T == 8 */
 #  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
diff --git a/libs/libcurl/src/curl_setup_once.h b/libs/libcurl/src/curl_setup_once.h
index a228c84f55..98e481ddc8 100644
--- a/libs/libcurl/src/curl_setup_once.h
+++ b/libs/libcurl/src/curl_setup_once.h
@@ -69,6 +69,14 @@
 #include <unistd.h>
 #endif
 
+#ifdef USE_WOLFSSL
+#  if defined(HAVE_STDINT_H)
+#    include <stdint.h>
+#  elif defined(HAVE_INTTYPES_H)
+#    include <inttypes.h>
+#  endif
+#endif
+
 #ifdef __hpux
 #  if !defined(_XOPEN_SOURCE_EXTENDED) || defined(_KERNEL)
 #    ifdef _APP32_64BIT_OFF_T
diff --git a/libs/libcurl/src/doh.c b/libs/libcurl/src/doh.c
index 6ab8a7836f..c0173d8160 100644
--- a/libs/libcurl/src/doh.c
+++ b/libs/libcurl/src/doh.c
@@ -952,7 +952,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
       /* we got a response, store it in the cache */
-      dns = Curl_cache_addr(data, ai, dohp->host, dohp->port);
+      dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port);
 
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
diff --git a/libs/libcurl/src/dynbuf.c b/libs/libcurl/src/dynbuf.c
index 0a041b74a4..124377b367 100644
--- a/libs/libcurl/src/dynbuf.c
+++ b/libs/libcurl/src/dynbuf.c
@@ -99,8 +99,7 @@ static CURLcode dyn_nappend(struct dynbuf *s,
        include that as well when it uses this code */
     void *p = realloc(s->bufr, a);
     if(!p) {
-      Curl_safefree(s->bufr);
-      s->leng = s->allc = 0;
+      Curl_dyn_free(s);
       return CURLE_OUT_OF_MEMORY;
     }
     s->bufr = p;
diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c
index 630c81fcd8..497a3570d3 100644
--- a/libs/libcurl/src/easy.c
+++ b/libs/libcurl/src/easy.c
@@ -1228,7 +1228,6 @@ CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen,
     return result;
 
   *n = (size_t)n1;
-  infof(data, "reached %s:%d", __FILE__, __LINE__);
   return CURLE_OK;
 }
 
diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c
index 0970419340..f785a7db7f 100644
--- a/libs/libcurl/src/ftp.c
+++ b/libs/libcurl/src/ftp.c
@@ -436,6 +436,12 @@ static CURLcode InitiateTransfer(struct Curl_easy *data)
   bool connected;
 
   DEBUGF(infof(data, "ftp InitiateTransfer()"));
+  if(conn->bits.ftp_use_data_ssl && data->set.ftp_use_port &&
+     !Curl_conn_is_ssl(conn, SECONDARYSOCKET)) {
+    result = Curl_ssl_cfilter_add(data, conn, SECONDARYSOCKET);
+    if(result)
+      return result;
+  }
   result = Curl_conn_connect(data, SECONDARYSOCKET, TRUE, &connected);
   if(result || !connected)
     return result;
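Review bot: The block added at the top of InitiateTransfer() has no comment explaining why the TLS filter for `SECONDARYSOCKET` is attached here, and only when `data->set.ftp_use_port` is set. From the hunk alone a reader cannot tell where the passive-mode data connection gets its filter, so the condition looks incomplete for a check that protects the data channel. A one-line comment would settle it, something like `/* active mode: the accepted data connection has no TLS filter yet, add it before connecting */`, if that matches the intent. The function body continues outside the hunk.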
@@ -1795,6 +1801,29 @@ static char *control_address(struct connectdata *conn)
   return conn->primary_ip;
 }
 
+static bool match_pasv_6nums(const char *p,
+                             unsigned int *array) /* 6 numbers */
+{
+  int i;
+  for(i = 0; i < 6; i++) {
+    unsigned long num;
+    char *endp;
+    if(i) {
+      if(*p != ',')
+        return FALSE;
+      p++;
+    }
+    if(!ISDIGIT(*p))
+      return FALSE;
+    num = strtoul(p, &endp, 10);
+    if(num > 255)
+      return FALSE;
+    array[i] = (unsigned int)num;
+    p = endp;
+  }
+  return TRUE;
+}
+
 static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
                                     int ftpcode)
 {
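Review bot: match_pasv_6nums() stores into `array` as it goes and returns FALSE at the first bad field, so a failed match leaves the caller's array partly written. That is safe only because ftp_state_pasv_resp() returns on `!*str` before reading it. The function has no header comment; I would add one saying that `array` must have room for six entries, that every value is checked to be at most 255, and that the contents are indeterminate when FALSE is returned. The `ISDIGIT(*p)` guard deserves the remark the EPSV hunk already carries, that strtoul() would otherwise accept leading whitespace and a sign.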
@@ -1814,27 +1843,18 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
     /* positive EPSV response */
     char *ptr = strchr(str, '(');
     if(ptr) {
-      unsigned int num;
-      char separator[4];
+      char sep;
       ptr++;
-      if(5 == sscanf(ptr, "%c%c%c%u%c",
-                     &separator[0],
-                     &separator[1],
-                     &separator[2],
-                     &num,
-                     &separator[3])) {
-        const char sep1 = separator[0];
-        int i;
-
-        /* The four separators should be identical, or else this is an oddly
-           formatted reply and we bail out immediately. */
-        for(i = 1; i<4; i++) {
-          if(separator[i] != sep1) {
-            ptr = NULL; /* set to NULL to signal error */
-            break;
-          }
-        }
-        if(num > 0xffff) {
+      /* |||12345| */
+      sep = ptr[0];
+      /* the ISDIGIT() check here is because strtoul() accepts leading minus
+         etc */
+      if((ptr[1] == sep) && (ptr[2] == sep) && ISDIGIT(ptr[3])) {
+        char *endp;
+        unsigned long num = strtoul(&ptr[3], &endp, 10);
+        if(*endp != sep)
+          ptr = NULL;
+        else if(num > 0xffff) {
           failf(data, "Illegal port number in EPSV reply");
           return CURLE_FTP_WEIRD_PASV_REPLY;
         }
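Review bot: `sep = ptr[0]` is used without checking that it is not the terminating NUL. For a reply that ends right after `(`, the condition then reads `ptr[1]`, one byte past the end of the string; whether that byte is still inside the receive buffer is not visible here. Adding the check to the condition closes the gap: `if(sep && (ptr[1] == sep) && (ptr[2] == sep) && ISDIGIT(ptr[3])) {`. The body of ftp_state_pasv_resp() continues outside the hunk.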
@@ -1856,8 +1876,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
   else if((ftpc->count1 == 1) &&
           (ftpcode == 227)) {
     /* positive PASV response */
-    unsigned int ip[4] = {0, 0, 0, 0};
-    unsigned int port[2] = {0, 0};
+    unsigned int ip[6];
 
     /*
      * Scan for a sequence of six comma-separated numbers and use them as
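Review bot: `ip[6]` now holds the four address octets and the two port bytes, and the later hunk computes `ftpc->newport` from `ip[4]` and `ip[5]`, which reads as if the port were derived from the address. A comment on the declaration keeps that line understandable, for example `unsigned int ip[6]; /* [0..3] address octets, [4..5] port high/low byte */`. A neutral name for the array would work as well.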
@@ -1869,15 +1888,12 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
      * "227 Entering passive mode. 127,0,0,1,4,51"
      */
     while(*str) {
-      if(6 == sscanf(str, "%u,%u,%u,%u,%u,%u",
-                     &ip[0], &ip[1], &ip[2], &ip[3],
-                     &port[0], &port[1]))
+      if(match_pasv_6nums(str, ip))
         break;
       str++;
     }
 
-    if(!*str || (ip[0] > 255) || (ip[1] > 255)  || (ip[2] > 255)  ||
-       (ip[3] > 255) || (port[0] > 255)  || (port[1] > 255) ) {
+    if(!*str) {
       failf(data, "Couldn't interpret the 227-response");
       return CURLE_FTP_WEIRD_227_FORMAT;
     }
@@ -1897,7 +1913,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
     if(!ftpc->newhost)
       return CURLE_OUT_OF_MEMORY;
 
-    ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
+    ftpc->newport = (unsigned short)(((ip[4]<<8) + ip[5]) & 0xffff);
   }
   else if(ftpc->count1 == 0) {
     /* EPSV failed, move on to PASV */
@@ -2032,6 +2048,30 @@ static CURLcode ftp_state_port_resp(struct Curl_easy *data,
   return result;
 }
 
+static int twodigit(const char *p)
+{
+  return (p[0]-'0') * 10 + (p[1]-'0');
+}
+
+static bool ftp_213_date(const char *p, int *year, int *month, int *day,
+                         int *hour, int *minute, int *second)
+{
+  size_t len = strlen(p);
+  if(len < 14)
+    return FALSE;
+  *year = twodigit(&p[0]) * 100 + twodigit(&p[2]);
+  *month = twodigit(&p[4]);
+  *day = twodigit(&p[6]);
+  *hour = twodigit(&p[8]);
+  *minute = twodigit(&p[10]);
+  *second = twodigit(&p[12]);
+
+  if((*month > 12) || (*day > 31) || (*hour > 23) || (*minute > 59) ||
+     (*second > 60))
+    return FALSE;
+  return TRUE;
+}
+
 static CURLcode ftp_state_mdtm_resp(struct Curl_easy *data,
                                     int ftpcode)
 {
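Review bot: ftp_213_date() checks only `strlen(p) >= 14` and the upper bounds, so non-digit bytes in the server's 213 reply pass through twodigit() as arbitrary, possibly negative, numbers, and a month or day of 0 is accepted as well. The removed sscanf() at least required numeric fields. I would reject anything but digits before converting, `for(i = 0; i < 14; i++) if(!ISDIGIT(p[i])) return FALSE;` with an `int i` declared, and add `(*month < 1) || (*day < 1)` to the range test. twodigit() should carry a comment that both characters must already be known to be digits.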
@@ -2046,8 +2086,8 @@ static CURLcode ftp_state_mdtm_resp(struct Curl_easy *data,
       /* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the
          last .sss part is optional and means fractions of a second */
       int year, month, day, hour, minute, second;
-      if(6 == sscanf(&data->state.buffer[4], "%04d%02d%02d%02d%02d%02d",
-                     &year, &month, &day, &hour, &minute, &second)) {
+      if(ftp_213_date(&data->state.buffer[4],
+                      &year, &month, &day, &hour, &minute, &second)) {
         /* we have a time, reformat it */
         char timebuf[24];
         msnprintf(timebuf, sizeof(timebuf),
@@ -2635,7 +2675,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
   int ftpcode;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
   struct pingpong *pp = &ftpc->pp;
-  static const char ftpauth[][4]  = { "SSL", "TLS" };
+  static const char * const ftpauth[] = { "SSL", "TLS" };
   size_t nread = 0;
 
   if(pp->sendleft)
@@ -3221,7 +3261,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
   if(data->state.wildcardmatch) {
     if(data->set.chunk_end && ftpc->file) {
       Curl_set_in_callback(data, true);
-      data->set.chunk_end(data->wildcard.customptr);
+      data->set.chunk_end(data->set.wildcardptr);
       Curl_set_in_callback(data, false);
     }
     ftpc->known_filesize = -1;
@@ -3727,7 +3767,7 @@ static CURLcode init_wc_data(struct Curl_easy *data)
   char *last_slash;
   struct FTP *ftp = data->req.p.ftp;
   char *path = ftp->path;
-  struct WildcardData *wildcard = &(data->wildcard);
+  struct WildcardData *wildcard = data->wildcard;
   CURLcode result = CURLE_OK;
   struct ftp_wc *ftpwc = NULL;
 
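Review bot: `data->wildcard` is now a pointer and is dereferenced in init_wc_data() without a NULL check. The same holds for wc_statemach() and ftp_do() in this file, and for ftp_pl_insert_finfo() and Curl_ftp_parselist() in ftplistparser.c. The allocation is not part of these hunks, so the code presumably relies on `data->state.wildcardmatch` implying a non-NULL pointer. Stating that once, with `DEBUGASSERT(wildcard);` after the assignment in init_wc_data() and wc_statemach(), would document the invariant and catch a violation in debug builds. The function body continues outside the hunk.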
@@ -3775,7 +3815,7 @@ static CURLcode init_wc_data(struct Curl_easy *data)
     goto fail;
   }
 
-  wildcard->protdata = ftpwc; /* put it to the WildcardData tmp pointer */
+  wildcard->ftpwc = ftpwc; /* put it to the WildcardData tmp pointer */
   wildcard->dtor = wc_data_dtor;
 
   /* wildcard does not support NOCWD option (assert it?) */
@@ -3813,13 +3853,13 @@ static CURLcode init_wc_data(struct Curl_easy *data)
   }
   Curl_safefree(wildcard->pattern);
   wildcard->dtor = ZERO_NULL;
-  wildcard->protdata = NULL;
+  wildcard->ftpwc = NULL;
   return result;
 }
 
 static CURLcode wc_statemach(struct Curl_easy *data)
 {
-  struct WildcardData * const wildcard = &(data->wildcard);
+  struct WildcardData * const wildcard = data->wildcard;
   struct connectdata *conn = data->conn;
   CURLcode result = CURLE_OK;
 
@@ -3836,7 +3876,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     case CURLWC_MATCHING: {
       /* In this state is LIST response successfully parsed, so lets restore
          previous WRITEFUNCTION callback and WRITEDATA pointer */
-      struct ftp_wc *ftpwc = wildcard->protdata;
+      struct ftp_wc *ftpwc = wildcard->ftpwc;
       data->set.fwrite_func = ftpwc->backup.write_function;
       data->set.out = ftpwc->backup.file_descriptor;
       ftpwc->backup.write_function = ZERO_NULL;
@@ -3875,7 +3915,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
         long userresponse;
         Curl_set_in_callback(data, true);
         userresponse = data->set.chunk_bgn(
-          finfo, wildcard->customptr, (int)wildcard->filelist.size);
+          finfo, data->set.wildcardptr, (int)wildcard->filelist.size);
         Curl_set_in_callback(data, false);
         switch(userresponse) {
         case CURL_CHUNK_BGN_FUNC_SKIP:
@@ -3915,7 +3955,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     case CURLWC_SKIP: {
       if(data->set.chunk_end) {
         Curl_set_in_callback(data, true);
-        data->set.chunk_end(data->wildcard.customptr);
+        data->set.chunk_end(data->set.wildcardptr);
         Curl_set_in_callback(data, false);
       }
       Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
@@ -3925,7 +3965,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     }
 
     case CURLWC_CLEAN: {
-      struct ftp_wc *ftpwc = wildcard->protdata;
+      struct ftp_wc *ftpwc = wildcard->ftpwc;
       result = CURLE_OK;
       if(ftpwc)
         result = Curl_ftp_parselist_geterror(ftpwc->parser);
@@ -3938,7 +3978,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     case CURLWC_ERROR:
     case CURLWC_CLEAR:
       if(wildcard->dtor)
-        wildcard->dtor(wildcard->protdata);
+        wildcard->dtor(wildcard->ftpwc);
       return result;
     }
   }
@@ -3965,8 +4005,8 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done)
 
   if(data->state.wildcardmatch) {
     result = wc_statemach(data);
-    if(data->wildcard.state == CURLWC_SKIP ||
-      data->wildcard.state == CURLWC_DONE) {
+    if(data->wildcard->state == CURLWC_SKIP ||
+       data->wildcard->state == CURLWC_DONE) {
       /* do not call ftp_regular_transfer */
       return CURLE_OK;
     }
@@ -4052,6 +4092,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data,
   }
 
   freedirs(ftpc);
+  Curl_safefree(ftpc->account);
+  Curl_safefree(ftpc->alternative_to_user);
   Curl_safefree(ftpc->prevpath);
   Curl_safefree(ftpc->server_os);
   Curl_pp_disconnect(pp);
@@ -4321,11 +4363,31 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
   char *type;
   struct FTP *ftp;
   CURLcode result = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
 
-  data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
+  ftp = calloc(sizeof(struct FTP), 1);
   if(!ftp)
     return CURLE_OUT_OF_MEMORY;
 
+  /* clone connection related data that is FTP specific */
+  if(data->set.str[STRING_FTP_ACCOUNT]) {
+    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
+    if(!ftpc->account) {
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
+    ftpc->alternative_to_user =
+      strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+    if(!ftpc->alternative_to_user) {
+      Curl_safefree(ftpc->account);
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  data->req.p.ftp = ftp;
+
   ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
 
   /* FTP URLs support an extension like ";type=<typecode>" that
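Review bot: `ftpc->account` and `ftpc->alternative_to_user` are assigned from strdup() without releasing a previous value. That is leak-free only if ftp_setup_connection() runs once per connection with both members still NULL, which the hunk does not show. A comment stating that assumption, or a `Curl_safefree(ftpc->account);` before each strdup(), would make it hold regardless. The two hand-written cleanup sequences will also need extending for every later allocation, so a single cleanup path at the end of the function would be easier to keep correct. The function continues outside the hunk.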
@@ -4360,7 +4422,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
   /* get some initial data into the ftp struct */
   ftp->transfer = PPTRANSFER_BODY;
   ftp->downloadsize = 0;
-  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
+  ftpc->known_filesize = -1; /* unknown size for now */
+  ftpc->use_ssl = data->set.use_ssl;
+  ftpc->ccc = data->set.ftp_ccc;
 
   return result;
 }
diff --git a/libs/libcurl/src/ftp.h b/libs/libcurl/src/ftp.h
index 8395ee5619..dfd17fcc46 100644
--- a/libs/libcurl/src/ftp.h
+++ b/libs/libcurl/src/ftp.h
@@ -120,6 +120,8 @@ struct FTP {
    struct */
 struct ftp_conn {
   struct pingpong pp;
+  char *account;
+  char *alternative_to_user;
   char *entrypath; /* the PWD reply when we logged on */
   char *file;    /* url-decoded file name (or path) */
   char **dirs;   /* realloc()ed array for path components */
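Review bot: The new `account` and `alternative_to_user` members have no comments while their neighbours do, and nothing says that the connection struct owns them. Suggested: `char *account; /* strdup()ed in ftp_setup_connection(), freed in ftp_disconnect() */` and the same wording for `alternative_to_user`. In the second hunk the comment on `use_ssl` still reads "for FTP or IMAP or POP3 or others!", which does not fit a member of the FTP-only `struct ftp_conn` and should be trimmed to the FTP case.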
@@ -143,6 +145,9 @@ struct ftp_conn {
   ftpstate state; /* always use ftp.c:state() to change state! */
   ftpstate state_saved; /* transfer type saved to be reloaded after data
                            connection is established */
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                              IMAP or POP3 or others! (type: curl_usessl)*/
+  unsigned char ccc;       /* ccc level for this connection */
   BIT(ftp_trying_alternative);
   BIT(dont_check);  /* Set to TRUE to prevent the final (post-transfer)
                        file size and 226/250 status check. It should still
diff --git a/libs/libcurl/src/ftplistparser.c b/libs/libcurl/src/ftplistparser.c
index c71ddadbb3..6ad56b9601 100644
--- a/libs/libcurl/src/ftplistparser.c
+++ b/libs/libcurl/src/ftplistparser.c
@@ -181,6 +181,43 @@ struct ftp_parselist_data {
   } offsets;
 };
 
+static void fileinfo_dtor(void *user, void *element)
+{
+  (void)user;
+  Curl_fileinfo_cleanup(element);
+}
+
+CURLcode Curl_wildcard_init(struct WildcardData *wc)
+{
+  Curl_llist_init(&wc->filelist, fileinfo_dtor);
+  wc->state = CURLWC_INIT;
+
+  return CURLE_OK;
+}
+
+void Curl_wildcard_dtor(struct WildcardData **wcp)
+{
+  struct WildcardData *wc = *wcp;
+  if(!wc)
+    return;
+
+  if(wc->dtor) {
+    wc->dtor(wc->ftpwc);
+    wc->dtor = ZERO_NULL;
+    wc->ftpwc = NULL;
+  }
+  DEBUGASSERT(wc->ftpwc == NULL);
+
+  Curl_llist_destroy(&wc->filelist, NULL);
+  free(wc->path);
+  wc->path = NULL;
+  free(wc->pattern);
+  wc->pattern = NULL;
+  wc->state = CURLWC_INIT;
+  free(wc);
+  *wcp = NULL;
+}
+
 struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void)
 {
   return calloc(1, sizeof(struct ftp_parselist_data));
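Review bot: Curl_wildcard_dtor() clears `wc->path`, `wc->pattern` and `wc->state` immediately before `free(wc)`, so those three stores have no effect and suggest that the struct outlives the call. Either drop them or mark them as deliberate in a comment. Both new public functions also lack a header comment. For the destructor it should say that `*wcp` may be NULL, that the struct itself is freed and that `*wcp` is set to NULL; for Curl_wildcard_init() it should say that the function currently cannot fail.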
@@ -274,8 +311,8 @@ static CURLcode ftp_pl_insert_finfo(struct Curl_easy *data,
                                     struct fileinfo *infop)
 {
   curl_fnmatch_callback compare;
-  struct WildcardData *wc = &data->wildcard;
-  struct ftp_wc *ftpwc = wc->protdata;
+  struct WildcardData *wc = data->wildcard;
+  struct ftp_wc *ftpwc = wc->ftpwc;
   struct Curl_llist *llist = &wc->filelist;
   struct ftp_parselist_data *parser = ftpwc->parser;
   bool add = TRUE;
@@ -330,7 +367,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
 {
   size_t bufflen = size*nmemb;
   struct Curl_easy *data = (struct Curl_easy *)connptr;
-  struct ftp_wc *ftpwc = data->wildcard.protdata;
+  struct ftp_wc *ftpwc = data->wildcard->ftpwc;
   struct ftp_parselist_data *parser = ftpwc->parser;
   struct fileinfo *infop;
   struct curl_fileinfo *finfo;
diff --git a/libs/libcurl/src/ftplistparser.h b/libs/libcurl/src/ftplistparser.h
index 509df48f0a..e789fc21cc 100644
--- a/libs/libcurl/src/ftplistparser.h
+++ b/libs/libcurl/src/ftplistparser.h
@@ -39,5 +39,39 @@ struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void);
 
 void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data);
 
+/* list of wildcard process states */
+typedef enum {
+  CURLWC_CLEAR = 0,
+  CURLWC_INIT = 1,
+  CURLWC_MATCHING, /* library is trying to get list of addresses for
+                      downloading */
+  CURLWC_DOWNLOADING,
+  CURLWC_CLEAN, /* deallocate resources and reset settings */
+  CURLWC_SKIP,  /* skip over concrete file */
+  CURLWC_ERROR, /* error cases */
+  CURLWC_DONE   /* if is wildcard->state == CURLWC_DONE wildcard loop
+                   will end */
+} wildcard_states;
+
+typedef void (*wildcard_dtor)(void *ptr);
+
+/* struct keeping information about wildcard download process */
+struct WildcardData {
+  char *path; /* path to the directory, where we trying wildcard-match */
+  char *pattern; /* wildcard pattern */
+  struct Curl_llist filelist; /* llist with struct Curl_fileinfo */
+  struct ftp_wc *ftpwc; /* pointer to FTP wildcard data */
+  wildcard_dtor dtor;
+  unsigned char state; /* wildcard_states */
+};
+
+CURLcode Curl_wildcard_init(struct WildcardData *wc);
+void Curl_wildcard_dtor(struct WildcardData **wcp);
+
+struct Curl_easy;
+
+#else
+/* FTP is disabled */
+#define Curl_wildcard_dtor(x)
 #endif /* CURL_DISABLE_FTP */
 #endif /* HEADER_CURL_FTPLISTPARSER_H */
diff --git a/libs/libcurl/src/headers.c b/libs/libcurl/src/headers.c
index 051639b667..e05552dd3b 100644
--- a/libs/libcurl/src/headers.c
+++ b/libs/libcurl/src/headers.c
@@ -38,14 +38,13 @@
 
 /* Generate the curl_header struct for the user. This function MUST assign all
    struct fields in the output struct. */
-static void copy_header_external(struct Curl_easy *data,
-                                 struct Curl_header_store *hs,
+static void copy_header_external(struct Curl_header_store *hs,
                                  size_t index,
                                  size_t amount,
                                  struct Curl_llist_element *e,
-                                 struct curl_header **hout)
+                                 struct curl_header *hout)
 {
-  struct curl_header *h = *hout = &data->state.headerout;
+  struct curl_header *h = hout;
   h->name = hs->name;
   h->value = hs->value;
   h->amount = amount;
@@ -118,7 +117,9 @@ CURLHcode curl_easy_header(CURL *easy,
       return CURLHE_MISSING;
   }
   /* this is the name we want */
-  copy_header_external(data, hs, nameindex, amount, e_pick, hout);
+  copy_header_external(hs, nameindex, amount, e_pick,
+                       &data->state.headerout[0]);
+  *hout = &data->state.headerout[0];
   return CURLHE_OK;
 }
 
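Review bot: `data->state.headerout[0]` here and `data->state.headerout[1]` in curl_easy_nextheader() further down are selected by bare index, with nothing explaining the split. As written each API function has its own output slot, so a call to one no longer overwrites the struct returned by the other, but a second call to the same function still does. A comment at both call sites, or named indices, would make that lifetime rule explicit, for example `/* slot 0: curl_easy_header(), slot 1: curl_easy_nextheader() */`.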
@@ -132,7 +133,6 @@ struct curl_header *curl_easy_nextheader(CURL *easy,
   struct Curl_llist_element *pick;
   struct Curl_llist_element *e;
   struct Curl_header_store *hs;
-  struct curl_header *hout;
   size_t amount = 0;
   size_t index = 0;
 
@@ -179,8 +179,9 @@ struct curl_header *curl_easy_nextheader(CURL *easy,
       index = amount - 1;
   }
 
-  copy_header_external(data, hs, index, amount, pick, &hout);
-  return hout;
+  copy_header_external(hs, index, amount, pick,
+                       &data->state.headerout[1]);
+  return &data->state.headerout[1];
 }
 
 static CURLcode namevalue(char *header, size_t hlen, unsigned int type,
diff --git a/libs/libcurl/src/hostasyn.c b/libs/libcurl/src/hostasyn.c
index d46576dcc0..59a009ce33 100644
--- a/libs/libcurl/src/hostasyn.c
+++ b/libs/libcurl/src/hostasyn.c
@@ -78,7 +78,7 @@ CURLcode Curl_addrinfo_callback(struct Curl_easy *data,
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
       dns = Curl_cache_addr(data, ai,
-                            data->state.async.hostname,
+                            data->state.async.hostname, 0,
                             data->state.async.port);
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c
index af5c18df43..0731075ba6 100644
--- a/libs/libcurl/src/hostip.c
+++ b/libs/libcurl/src/hostip.c
@@ -167,18 +167,25 @@ void Curl_printable_address(const struct Curl_addrinfo *ai, char *buf,
 
 /*
  * Create a hostcache id string for the provided host + port, to be used by
- * the DNS caching. Without alloc.
+ * the DNS caching. Without alloc. Return length of the id string.
  */
-static void
-create_hostcache_id(const char *name, int port, char *ptr, size_t buflen)
+static size_t
+create_hostcache_id(const char *name,
+                    size_t nlen, /* 0 or actual name length */
+                    int port, char *ptr, size_t buflen)
 {
-  size_t len = strlen(name);
+  size_t len = nlen ? nlen : strlen(name);
+  size_t olen = 0;
+  DEBUGASSERT(buflen >= MAX_HOSTCACHE_LEN);
   if(len > (buflen - 7))
     len = buflen - 7;
   /* store and lower case the name */
-  while(len--)
+  while(len--) {
     *ptr++ = Curl_raw_tolower(*name++);
-  msnprintf(ptr, 7, ":%u", port);
+    olen++;
+  }
+  olen += msnprintf(ptr, 7, ":%u", port);
+  return olen;
 }
 
 struct hostcache_prune_data {
@@ -260,20 +267,18 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data,
                                          int port)
 {
   struct Curl_dns_entry *dns = NULL;
-  size_t entry_len;
   char entry_id[MAX_HOSTCACHE_LEN];
 
   /* Create an entry id, based upon the hostname and port */
-  create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-  entry_len = strlen(entry_id);
+  size_t entry_len = create_hostcache_id(hostname, 0, port,
+                                         entry_id, sizeof(entry_id));
 
   /* See if its already in our dns cache */
   dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
 
   /* No entry found in cache, check if we might have a wildcard entry */
   if(!dns && data->state.wildcard_resolve) {
-    create_hostcache_id("*", port, entry_id, sizeof(entry_id));
-    entry_len = strlen(entry_id);
+    entry_len = create_hostcache_id("*", 1, port, entry_id, sizeof(entry_id));
 
     /* See if it's already in our dns cache */
     dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
@@ -438,6 +443,7 @@ struct Curl_dns_entry *
 Curl_cache_addr(struct Curl_easy *data,
                 struct Curl_addrinfo *addr,
                 const char *hostname,
+                size_t hostlen, /* length or zero */
                 int port)
 {
   char entry_id[MAX_HOSTCACHE_LEN];
@@ -461,8 +467,8 @@ Curl_cache_addr(struct Curl_easy *data,
   }
 
   /* Create an entry id, based upon the hostname and port */
-  create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-  entry_len = strlen(entry_id);
+  entry_len = create_hostcache_id(hostname, hostlen, port,
+                                  entry_id, sizeof(entry_id));
 
   dns->inuse = 1;   /* the cache has the first reference */
   dns->addr = addr; /* this is the address(es) */
@@ -791,7 +797,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
       /* we got a response, store it in the cache */
-      dns = Curl_cache_addr(data, addr, hostname, port);
+      dns = Curl_cache_addr(data, addr, hostname, 0, port);
 
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
@@ -1059,8 +1065,7 @@ void Curl_hostcache_clean(struct Curl_easy *data,
 CURLcode Curl_loadhostpairs(struct Curl_easy *data)
 {
   struct curl_slist *hostp;
-  char hostname[256];
-  int port = 0;
+  char *host_end;
 
   /* Default is no wildcard found */
   data->state.wildcard_resolve = false;
@@ -1070,18 +1075,25 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
     if(!hostp->data)
       continue;
     if(hostp->data[0] == '-') {
+      unsigned long num = 0;
       size_t entry_len;
-
-      if(2 != sscanf(hostp->data + 1, "%255[^:]:%d", hostname, &port)) {
-        infof(data, "Couldn't parse CURLOPT_RESOLVE removal entry '%s'",
+      size_t hlen = 0;
+      host_end = strchr(&hostp->data[1], ':');
+
+      if(host_end) {
+        hlen = host_end - &hostp->data[1];
+        num = strtoul(++host_end, NULL, 10);
+        if(!hlen || (num > 0xffff))
+          host_end = NULL;
+      }
+      if(!host_end) {
+        infof(data, "Bad syntax CURLOPT_RESOLVE removal entry '%s'",
               hostp->data);
         continue;
       }
-
       /* Create an entry id, based upon the hostname and port */
-      create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-      entry_len = strlen(entry_id);
-
+      entry_len = create_hostcache_id(&hostp->data[1], hlen, (int)num,
+                                      entry_id, sizeof(entry_id));
       if(data->share)
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
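Review bot: In the removal branch the port is parsed with `strtoul(++host_end, NULL, 10)` and no end pointer, so an entry with an empty or non-numeric port field is accepted and treated as port 0. The removed sscanf() required a number after the colon. Passing an end pointer and requiring progress restores that: `num = strtoul(++host_end, &endp, 10);` followed by `if(!hlen || (endp == host_end) || (num > 0xffff))`, with `char *endp;` declared next to `num`.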
@@ -1102,25 +1114,22 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       char *addr_begin;
       char *addr_end;
       char *port_ptr;
+      int port = 0;
       char *end_ptr;
       bool permanent = TRUE;
-      char *host_begin;
-      char *host_end;
       unsigned long tmp_port;
       bool error = true;
+      char *host_begin = hostp->data;
+      size_t hlen = 0;
 
-      host_begin = hostp->data;
       if(host_begin[0] == '+') {
         host_begin++;
         permanent = FALSE;
       }
       host_end = strchr(host_begin, ':');
-      if(!host_end ||
-         ((host_end - host_begin) >= (ptrdiff_t)sizeof(hostname)))
+      if(!host_end)
         goto err;
-
-      memcpy(hostname, host_begin, host_end - host_begin);
-      hostname[host_end - host_begin] = '\0';
+      hlen = host_end - host_begin;
 
       port_ptr = host_end + 1;
       tmp_port = strtoul(port_ptr, &end_ptr, 10);
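Review bot: `hlen` can be 0 here when the entry starts with `:`, and create_hostcache_id() treats a length of 0 as "use strlen(name)". The cache key would then be built from the whole remaining entry text rather than from an empty host name. The removal branch rejects `!hlen`; this branch should do the same, unless a check sits in the lines between this hunk and the next, which are not shown: `if(!host_end || (host_end == host_begin)) goto err;`. The 0-means-unknown convention is also worth a sentence in the comment on the new `hostlen` parameter of Curl_cache_addr().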
@@ -1196,8 +1205,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       }
 
       /* Create an entry id, based upon the hostname and port */
-      create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-      entry_len = strlen(entry_id);
+      entry_len = create_hostcache_id(host_begin, hlen, port,
+                                      entry_id, sizeof(entry_id));
 
       if(data->share)
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
@@ -1206,8 +1215,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
 
       if(dns) {
-        infof(data, "RESOLVE %s:%d is - old addresses discarded",
-              hostname, port);
+        infof(data, "RESOLVE %.*s:%d is - old addresses discarded",
+              (int)hlen, host_begin, port);
         /* delete old entry, there are two reasons for this
          1. old entry may have different addresses.
          2. even if entry with correct addresses is already in the cache,
@@ -1223,7 +1232,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       }
 
       /* put this new host in the cache */
-      dns = Curl_cache_addr(data, head, hostname, port);
+      dns = Curl_cache_addr(data, head, host_begin, hlen, port);
       if(dns) {
         if(permanent)
           dns->timestamp = 0; /* mark as permanent */
@@ -1239,13 +1248,13 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
         Curl_freeaddrinfo(head);
         return CURLE_OUT_OF_MEMORY;
       }
-      infof(data, "Added %s:%d:%s to DNS cache%s",
-            hostname, port, addresses, permanent ? "" : " (non-permanent)");
+      infof(data, "Added %.*s:%d:%s to DNS cache%s",
+            (int)hlen, host_begin, port, addresses,
+            permanent ? "" : " (non-permanent)");
 
       /* Wildcard hostname */
-      if(hostname[0] == '*' && hostname[1] == '\0') {
-        infof(data, "RESOLVE %s:%d is wildcard, enabling wildcard checks",
-              hostname, port);
+      if((hlen == 1) && (host_begin[0] == '*')) {
+        infof(data, "RESOLVE *:%d using wildcard", port);
         data->state.wildcard_resolve = true;
       }
     }
diff --git a/libs/libcurl/src/hostip.h b/libs/libcurl/src/hostip.h
index 3628c950bc..018af6b5c7 100644
--- a/libs/libcurl/src/hostip.h
+++ b/libs/libcurl/src/hostip.h
@@ -178,7 +178,7 @@ Curl_fetch_addr(struct Curl_easy *data,
  */
 struct Curl_dns_entry *
 Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr,
-                const char *hostname, int port);
+                const char *hostname, size_t hostlen, int port);
 
 #ifndef INADDR_NONE
 #define CURL_INADDR_NONE (in_addr_t) ~0
diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c
index 4a3a4eb5b6..055e250e2d 100644
--- a/libs/libcurl/src/http.c
+++ b/libs/libcurl/src/http.c
@@ -88,6 +88,7 @@
 #include "hsts.h"
 #include "ws.h"
 #include "c-hyper.h"
+#include "curl_ctype.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -233,15 +234,12 @@ static CURLcode http_setup_conn(struct Curl_easy *data,
 
   Curl_mime_initpart(&http->form);
   data->req.p.http = http;
+  connkeep(conn, "HTTP default");
 
-  if((data->state.httpwant == CURL_HTTP_VERSION_3)
-     || (data->state.httpwant == CURL_HTTP_VERSION_3ONLY)) {
+  if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) {
     CURLcode result = Curl_conn_may_http3(data, conn);
     if(result)
       return result;
-
-     /* TODO: HTTP lower version eyeballing */
-    conn->transport = TRNSPRT_QUIC;
   }
 
   return CURLE_OK;
@@ -2342,7 +2340,16 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
         return result;
     }
 
-    if(http->postsize) {
+    /* For really small puts we don't use Expect: headers at all, and for
+       the somewhat bigger ones we allow the app to disable it. Just make
+       sure that the expect100header is always set to the preferred value
+       here. */
+    ptr = Curl_checkheaders(data, STRCONST("Expect"));
+    if(ptr) {
+      data->state.expect100header =
+        Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue"));
+    }
+    else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) {
       result = expect100(data, conn, r);
       if(result)
         return result;
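Review bot: The new comment promises that `expect100header` is "always set to the preferred value here", but the added code writes the flag only when the application supplies its own `Expect` header. For a body at or below `EXPECT_100_THRESHOLD` with no custom header, neither branch touches it. Unless code outside this hunk resets it, a value left over from an earlier transfer on the same handle would survive. A final `else data->state.expect100header = FALSE;` would make the code match the comment. The enclosing branch of `Curl_http_bodysend` continues past the end of the hunk.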
@@ -4155,11 +4162,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
     if(!k->headerline++) {
       /* This is the first header, it MUST be the error code line
          or else we consider this to be the body right away! */
-      int httpversion_major;
-      int rtspversion_major;
-      int nc = 0;
-#define HEADER1 headp /* no conversion needed, just use headp */
-
+      bool fine_statusline = FALSE;
       if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
         /*
          * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2
@@ -4168,39 +4171,60 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
          * says. We allow any three-digit number here, but we cannot make
          * guarantees on future behaviors since it isn't within the protocol.
          */
-        char separator;
-        char twoorthree[2];
         int httpversion = 0;
-        char digit4 = 0;
-        nc = sscanf(HEADER1,
-                    " HTTP/%1d.%1d%c%3d%c",
-                    &httpversion_major,
-                    &httpversion,
-                    &separator,
-                    &k->httpcode,
-                    &digit4);
-
-        if(nc == 1 && httpversion_major >= 2 &&
-           2 == sscanf(HEADER1, " HTTP/%1[23] %d", twoorthree, &k->httpcode)) {
-          conn->httpversion = 0;
-          nc = 4;
-          separator = ' ';
-        }
-
-        /* There can only be a 4th response code digit stored in 'digit4' if
-           all the other fields were parsed and stored first, so nc is 5 when
-           digit4 a digit.
-
-           The sscanf() line above will also allow zero-prefixed and negative
-           numbers, so we check for that too here.
-        */
-        else if(ISDIGIT(digit4) || (nc >= 4 && k->httpcode < 100)) {
-          failf(data, "Unsupported response code in HTTP response");
-          return CURLE_UNSUPPORTED_PROTOCOL;
+        char *p = headp;
+
+        while(*p && ISBLANK(*p))
+          p++;
+        if(!strncmp(p, "HTTP/", 5)) {
+          p += 5;
+          switch(*p) {
+          case '1':
+            p++;
+            if((p[0] == '.') && (p[1] == '0' || p[1] == '1')) {
+              if(ISBLANK(p[2])) {
+                httpversion = 10 + (p[1] - '0');
+                p += 3;
+                if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
+                  k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
+                    (p[2] - '0');
+                  p += 3;
+                  if(ISSPACE(*p))
+                    fine_statusline = TRUE;
+                }
+              }
+            }
+            if(!fine_statusline) {
+              failf(data, "Unsupported HTTP/1 subversion in response");
+              return CURLE_UNSUPPORTED_PROTOCOL;
+            }
+            break;
+          case '2':
+          case '3':
+            if(!ISBLANK(p[1]))
+              break;
+            httpversion = (*p - '0') * 10;
+            p += 2;
+            if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
+              k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
+                (p[2] - '0');
+              p += 3;
+              if(!ISSPACE(*p))
+                break;
+              fine_statusline = TRUE;
+            }
+            break;
+          default: /* unsupported */
+            failf(data, "Unsupported HTTP version in response");
+            return CURLE_UNSUPPORTED_PROTOCOL;
+          }
         }
 
-        if((nc >= 4) && (' ' == separator)) {
-          httpversion += 10 * httpversion_major;
+        if(fine_statusline) {
+          if(k->httpcode < 100) {
+            failf(data, "Unsupported response code in HTTP response");
+            return CURLE_UNSUPPORTED_PROTOCOL;
+          }
           switch(httpversion) {
           case 10:
           case 11:
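Review bot: The hand-written status-line parser reads `p[0]`..`p[2]` ahead of what it has validated and is safe only because every test short-circuits at a NUL, so it silently depends on `headp` being NUL-terminated. That invariant is established outside this hunk and deserves a comment at `char *p = headp;`, for example `/* headp is NUL-terminated; every check below stops at the terminator */`. In `case '1'` every failure, including a malformed or four-digit status code after a valid `HTTP/1.1 `, is reported as "Unsupported HTTP/1 subversion in response", which will mislead log triage. A malformed code after `HTTP/2 ` or `HTTP/3 ` just breaks out with no message at all. The three-digit parse is written out twice here and once more in the RTSP branch of the next hunk; one small static helper would keep the copies from drifting. The function starts and ends outside the hunk.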
@@ -4227,51 +4251,50 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
             conn->bundle->multiuse = BUNDLE_NO_MULTIUSE;
           }
         }
-        else if(!nc) {
-          /* this is the real world, not a Nirvana
-             NCSA 1.5.x returns this crap when asked for HTTP/1.1
-          */
-          nc = sscanf(HEADER1, " HTTP %3d", &k->httpcode);
-          conn->httpversion = 10;
-
+        else {
           /* If user has set option HTTP200ALIASES,
              compare header line against list of aliases
           */
-          if(!nc) {
-            statusline check =
-              checkhttpprefix(data,
-                              Curl_dyn_ptr(&data->state.headerb),
-                              Curl_dyn_len(&data->state.headerb));
-            if(check == STATUS_DONE) {
-              nc = 1;
-              k->httpcode = 200;
-              conn->httpversion = 10;
-            }
+          statusline check =
+            checkhttpprefix(data,
+                            Curl_dyn_ptr(&data->state.headerb),
+                            Curl_dyn_len(&data->state.headerb));
+          if(check == STATUS_DONE) {
+            fine_statusline = TRUE;
+            k->httpcode = 200;
+            conn->httpversion = 10;
           }
         }
-        else {
-          failf(data, "Unsupported HTTP version in response");
-          return CURLE_UNSUPPORTED_PROTOCOL;
-        }
       }
       else if(conn->handler->protocol & CURLPROTO_RTSP) {
-        char separator;
-        int rtspversion;
-        nc = sscanf(HEADER1,
-                    " RTSP/%1d.%1d%c%3d",
-                    &rtspversion_major,
-                    &rtspversion,
-                    &separator,
-                    &k->httpcode);
-        if((nc == 4) && (' ' == separator)) {
-          conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
-        }
-        else {
-          nc = 0;
+        char *p = headp;
+        while(*p && ISBLANK(*p))
+          p++;
+        if(!strncmp(p, "RTSP/", 5)) {
+          p += 5;
+          if(ISDIGIT(*p)) {
+            p++;
+            if((p[0] == '.') && ISDIGIT(p[1])) {
+              if(ISBLANK(p[2])) {
+                p += 3;
+                if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
+                  k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
+                    (p[2] - '0');
+                  p += 3;
+                  if(ISSPACE(*p)) {
+                    fine_statusline = TRUE;
+                    conn->httpversion = 11; /* RTSP acts like HTTP 1.1 */
+                  }
+                }
+              }
+            }
+          }
+          if(!fine_statusline)
+            return CURLE_WEIRD_SERVER_REPLY;
         }
       }
 
-      if(nc) {
+      if(fine_statusline) {
         result = Curl_http_statusline(data, conn);
         if(result)
           return result;
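Review bot: The RTSP branch accepts any three digits as the status code, so a reply such as `RTSP/1.0 000 ` sets `fine_statusline`. The HTTP branch in the previous hunk rejects `k->httpcode < 100` first, but nothing visible applies that range check on the RTSP path before `Curl_http_statusline()` runs. I would add the same test once the code is parsed, `if(k->httpcode < 100) return CURLE_WEIRD_SERVER_REPLY;`. The `return CURLE_WEIRD_SERVER_REPLY;` for a malformed line also has no `failf()`, unlike the HTTP paths, so a rejected RTSP reply leaves no message explaining why.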
diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c
index 8d72977e59..4defa7e2f7 100644
--- a/libs/libcurl/src/http2.c
+++ b/libs/libcurl/src/http2.c
@@ -98,7 +98,6 @@ static size_t populate_binsettings(uint8_t *binsettings,
 struct cf_h2_ctx {
   nghttp2_session *h2;
   uint32_t max_concurrent_streams;
-  bool enable_push;
   /* The easy handle used in the current filter call, cleared at return */
   struct cf_call_data call_data;
 
@@ -116,6 +115,10 @@ struct cf_h2_ctx {
   int32_t pause_stream_id; /* stream ID which paused
                               nghttp2_session_mem_recv */
   size_t drain_total; /* sum of all stream's UrlState.drain */
+  int32_t goaway_error;
+  int32_t last_stream_id;
+  BIT(goaway);
+  BIT(enable_push);
 };
 
 /* How to access `call_data` from a cf_h2 filter */
@@ -363,6 +366,15 @@ static void http2_stream_free(struct HTTP *stream)
   }
 }
 
+/*
+ * Returns nonzero if current HTTP/2 session should be closed.
+ */
+static int should_close_session(struct cf_h2_ctx *ctx)
+{
+  return ctx->drain_total == 0 && !nghttp2_session_want_read(ctx->h2) &&
+    !nghttp2_session_want_write(ctx->h2);
+}
+
 /*
  * The server may send us data at any point (e.g. PING frames). Therefore,
  * we cannot assume that an HTTP/2 socket is dead just because it is readable.
@@ -370,35 +382,27 @@ static void http2_stream_free(struct HTTP *stream)
  * Check the lower filters first and, if successful, peek at the socket
  * and distinguish between closed and data.
  */
-static bool http2_connisdead(struct Curl_cfilter *cf, struct Curl_easy *data)
+static bool http2_connisalive(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              bool *input_pending)
 {
   struct cf_h2_ctx *ctx = cf->ctx;
-  int sval;
-  bool dead = TRUE;
+  bool alive = TRUE;
 
-  if(!cf->next || !cf->next->cft->is_alive(cf->next, data))
-    return TRUE;
+  *input_pending = FALSE;
+  if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
+    return FALSE;
 
-  sval = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), 0);
-  if(sval == 0) {
-    /* timeout */
-    dead = FALSE;
-  }
-  else if(sval & CURL_CSELECT_ERR) {
-    /* socket is in an error state */
-    dead = TRUE;
-  }
-  else if(sval & CURL_CSELECT_IN) {
+  if(*input_pending) {
     /* This happens before we've sent off a request and the connection is
        not in use by any other transfer, there shouldn't be any data here,
        only "protocol frames" */
     CURLcode result;
     ssize_t nread = -1;
 
+    *input_pending = FALSE;
     Curl_attach_connection(data, cf->conn);
     nread = Curl_conn_cf_recv(cf->next, data,
                               ctx->inbuf, H2_BUFSIZE, &result);
-    dead = FALSE;
     if(nread != -1) {
       DEBUGF(LOG_CF(data, cf, "%d bytes stray data read before trying "
                     "h2 connection", (int)nread));
@@ -406,15 +410,19 @@ static bool http2_connisdead(struct Curl_cfilter *cf, struct Curl_easy *data)
       ctx->inbuflen = nread;
       if(h2_process_pending_input(cf, data, &result) < 0)
         /* immediate error, considered dead */
-        dead = TRUE;
+        alive = FALSE;
+      else {
+        alive = !should_close_session(ctx);
+      }
     }
-    else
+    else {
       /* the read failed so let's say this is dead anyway */
-      dead = TRUE;
+      alive = FALSE;
+    }
     Curl_detach_connection(data);
   }
 
-  return dead;
+  return alive;
 }
 
 static CURLcode http2_send_ping(struct Curl_cfilter *cf,
@@ -815,7 +823,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
       ctx->max_concurrent_streams = nghttp2_session_get_remote_settings(
           session, NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
       ctx->enable_push = nghttp2_session_get_remote_settings(
-          session, NGHTTP2_SETTINGS_ENABLE_PUSH);
+          session, NGHTTP2_SETTINGS_ENABLE_PUSH) != 0;
       DEBUGF(LOG_CF(data, cf, "MAX_CONCURRENT_STREAMS == %d",
                     ctx->max_concurrent_streams));
       DEBUGF(LOG_CF(data, cf, "ENABLE_PUSH == %s",
@@ -829,9 +837,12 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
       break;
     }
     case NGHTTP2_GOAWAY:
+      ctx->goaway = TRUE;
+      ctx->goaway_error = frame->goaway.error_code;
+      ctx->last_stream_id = frame->goaway.last_stream_id;
       if(data) {
         infof(data, "recveived GOAWAY, error=%d, last_stream=%u",
-                    frame->goaway.error_code, frame->goaway.last_stream_id);
+                    ctx->goaway_error, ctx->last_stream_id);
         multi_connchanged(data->multi);
       }
       break;
@@ -858,7 +869,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
 
   switch(frame->hd.type) {
   case NGHTTP2_DATA:
-    /* If body started on this stream, then receiving DATA is illegal. */
+    /* If !body started on this stream, then receiving DATA is illegal. */
     DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame DATA", stream_id));
     if(!stream->bodystarted) {
       rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
@@ -940,7 +951,21 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
     break;
   case NGHTTP2_RST_STREAM:
     DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv RST", stream_id));
+    stream->closed = TRUE;
     stream->reset = TRUE;
+    drain_this(cf, data);
+    Curl_expire(data, 0, EXPIRE_RUN_NOW);
+    break;
+  case NGHTTP2_WINDOW_UPDATE:
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv WINDOW_UPDATE", stream_id));
+    if((data_s->req.keepon & KEEP_SEND_HOLD) &&
+       (data_s->req.keepon & KEEP_SEND)) {
+      data_s->req.keepon &= ~KEEP_SEND_HOLD;
+      drain_this(cf, data_s);
+      Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] un-holding after win update",
+                    stream_id));
+    }
     break;
   default:
     DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame %x",
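Review bot: In the `NGHTTP2_RST_STREAM` case the added `drain_this(cf, data);` and `Curl_expire(data, 0, EXPIRE_RUN_NOW);` act on `data`, the handle of the current filter call, while the reset stream appears to belong to `data_s`, the handle this case logs with. The `NGHTTP2_GOAWAY` case earlier in this function guards its use with `if(data)`, which suggests `data` can be NULL here. A peer-sent RST_STREAM arriving in that state would pass NULL to both calls, and otherwise the wrong transfer is woken while the reset one keeps waiting. I would use `drain_this(cf, data_s);` and `Curl_expire(data_s, 0, EXPIRE_RUN_NOW);`, as the new `NGHTTP2_WINDOW_UPDATE` case does. That case in turn passes `data` rather than `data_s` to its two `DEBUGF` calls.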
@@ -1006,18 +1031,6 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
     return NGHTTP2_ERR_PAUSE;
   }
 
-#if 0
-  /* pause execution of nghttp2 if we received data for another handle
-     in order to process them first. */
-  if(CF_DATA_CURRENT(cf) != data_s) {
-    ctx->pause_stream_id = stream_id;
-    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] not call_data -> NGHTTP2_ERR_PAUSE",
-                  stream_id));
-    drain_this(cf, data_s);
-    return NGHTTP2_ERR_PAUSE;
-  }
-#endif
-
   return 0;
 }
 
@@ -1030,44 +1043,43 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id,
   struct HTTP *stream;
   int rv;
   (void)session;
-  (void)stream_id;
 
-  if(stream_id) {
-    /* get the stream from the hash based on Stream ID, stream ID zero is for
-       connection-oriented stuff */
-    data_s = nghttp2_session_get_stream_user_data(session, stream_id);
-    if(!data_s) {
-      /* We could get stream ID not in the hash.  For example, if we
-         decided to reject stream (e.g., PUSH_PROMISE). */
-      return 0;
-    }
-    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] on_stream_close(), %s (err %d)",
-                  stream_id, nghttp2_http2_strerror(error_code), error_code));
-    stream = data_s->req.p.http;
-    if(!stream)
-      return NGHTTP2_ERR_CALLBACK_FAILURE;
+  /* get the stream from the hash based on Stream ID, stream ID zero is for
+     connection-oriented stuff */
+  data_s = stream_id?
+             nghttp2_session_get_stream_user_data(session, stream_id) : NULL;
+  if(!data_s) {
+    return 0;
+  }
+  stream = data_s->req.p.http;
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] on_stream_close(), %s (err %d)",
+                stream_id, nghttp2_http2_strerror(error_code), error_code));
+  if(!stream)
+    return NGHTTP2_ERR_CALLBACK_FAILURE;
 
-    stream->closed = TRUE;
-    if(CF_DATA_CURRENT(cf) != data_s) {
-      drain_this(cf, data_s);
-      Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
-    }
-    stream->error = error_code;
+  stream->closed = TRUE;
+  stream->error = error_code;
+  if(stream->error)
+    stream->reset = TRUE;
 
-    /* remove the entry from the hash as the stream is now gone */
-    rv = nghttp2_session_set_stream_user_data(session, stream_id, 0);
-    if(rv) {
-      infof(data_s, "http/2: failed to clear user_data for stream %u",
-            stream_id);
-      DEBUGASSERT(0);
-    }
-    if(stream_id == ctx->pause_stream_id) {
-      DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] closed the pause stream",
-                    stream_id));
-      ctx->pause_stream_id = 0;
-    }
-    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] closed, cleared", stream_id));
+  if(CF_DATA_CURRENT(cf) != data_s) {
+    drain_this(cf, data_s);
+    Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
   }
+
+  /* remove `data_s` from the nghttp2 stream */
+  rv = nghttp2_session_set_stream_user_data(session, stream_id, 0);
+  if(rv) {
+    infof(data_s, "http/2: failed to clear user_data for stream %u",
+          stream_id);
+    DEBUGASSERT(0);
+  }
+  if(stream_id == ctx->pause_stream_id) {
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] closed the pause stream",
+                  stream_id));
+    ctx->pause_stream_id = 0;
+  }
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] closed now", stream_id));
   return 0;
 }
 
@@ -1383,7 +1395,8 @@ static void http2_data_done(struct Curl_cfilter *cf,
     ctx->pause_stream_id = 0;
   }
 
-  if(premature || (!stream->closed && stream->stream_id)) {
+  (void)premature;
+  if(!stream->closed && stream->stream_id) {
     /* RST_STREAM */
     DEBUGF(LOG_CF(data, cf, "[h2sid=%u] RST", stream->stream_id));
     if(!nghttp2_submit_rst_stream(ctx->h2, NGHTTP2_FLAG_NONE,
@@ -1445,15 +1458,6 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req,
   return result;
 }
 
-/*
- * Returns nonzero if current HTTP/2 session should be closed.
- */
-static int should_close_session(struct cf_h2_ctx *ctx)
-{
-  return ctx->drain_total == 0 && !nghttp2_session_want_read(ctx->h2) &&
-    !nghttp2_session_want_write(ctx->h2);
-}
-
 /*
  * h2_process_pending_input() processes pending input left in
  * httpc->inbuf.  Then, call h2_session_send() to send pending data.
@@ -1586,8 +1590,6 @@ static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf,
     }
   }
 
-  /* Reset to FALSE to prevent infinite loop in readwrite_data function. */
-  stream->closed = FALSE;
   if(stream->error == NGHTTP2_REFUSED_STREAM) {
     DEBUGF(LOG_CF(data, cf, "[h2sid=%u] REFUSED_STREAM, try again on a new "
                   "connection", stream->stream_id));
@@ -1603,6 +1605,11 @@ static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf,
     *err = CURLE_HTTP2_STREAM;
     return -1;
   }
+  else if(stream->reset) {
+    failf(data, "HTTP/2 stream %u was reset", stream->stream_id);
+    *err = stream->bodystarted? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR;
+    return -1;
+  }
 
   if(!stream->bodystarted) {
     failf(data, "HTTP/2 stream %u was closed cleanly, but before getting "
@@ -1638,7 +1645,7 @@ static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf,
 
   stream->close_handled = TRUE;
 
-  DEBUGF(LOG_CF(data, cf, "http2_recv returns 0, http2_handle_stream_close"));
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] closed cleanly", stream->stream_id));
   return 0;
 }
 
@@ -1720,9 +1727,29 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
   struct HTTP *stream = data->req.p.http;
   ssize_t nread = -1;
   struct cf_call_data save;
+  bool conn_is_closed = FALSE;
 
   CF_DATA_SAVE(save, cf, data);
 
+  /* If the h2 session has told us to GOAWAY with an error AND
+   * indicated the highest stream id it has processes AND
+   * the stream we are trying to read has a higher id, this
+   * means we will most likely not receive any more for it.
+   * Treat this as if the server explicitly had RST the stream */
+  if((ctx->goaway && ctx->goaway_error &&
+      ctx->last_stream_id > 0 &&
+      ctx->last_stream_id < stream->stream_id)) {
+    stream->reset = TRUE;
+  }
+
+  /* If a stream is RST, it does not matter what state the h2 session
+   * is in, our answer to receiving data is always the same. */
+  if(stream->reset) {
+    *err = stream->bodystarted? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR;
+    nread = -1;
+    goto out;
+  }
+
   if(should_close_session(ctx)) {
     DEBUGF(LOG_CF(data, cf, "http2_recv: nothing to do in this session"));
     if(cf->conn->bits.close) {
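Review bot: The new early `if(stream->reset)` exit runs before anything else in `cf_h2_recv`, so a stream that `on_stream_close` marked `reset` on an earlier call never reaches `http2_handle_stream_close()`. This commit now sets `reset` there for every non-zero `error_code`. As far as the visible hunks show, that bypasses the `NGHTTP2_REFUSED_STREAM` "try again on a new connection" handling and the `failf()` texts in the close handler, and returns `CURLE_RECV_ERROR` or `CURLE_PARTIAL_FILE` with no error message set. It also returns before any body data already buffered for the stream could be delivered, if such data exists at this point. Consider routing the shortcut through the close handler, `nread = http2_handle_stream_close(cf, data, stream, err); goto out;`, or limiting it to the GOAWAY-derived case. The function continues beyond this hunk.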
@@ -1763,7 +1790,7 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
     goto out;
   }
 
-  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: win %u/%u",
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_recv: win %u/%u",
                 stream->stream_id,
                 nghttp2_session_get_local_window_size(ctx->h2),
                 nghttp2_session_get_stream_local_window_size(ctx->h2,
@@ -1846,57 +1873,40 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
     stream->memlen = 0;
 
     if(ctx->inbuflen > 0) {
-      DEBUGF(LOG_CF(data, cf, "Use data left in connection buffer, nread=%zd",
-                    ctx->inbuflen - ctx->nread_inbuf));
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] %zd bytes in inbuf",
+                    stream->stream_id, ctx->inbuflen - ctx->nread_inbuf));
       if(h2_process_pending_input(cf, data, err))
         return -1;
     }
 
-    while(stream->memlen == 0          /* have no data for this stream */
-          && !ctx->pause_stream_id     /* we are not paused either */
-          && ctx->inbuflen == 0) {     /* and out input buffer is empty */
+    while(stream->memlen == 0 &&       /* have no data for this stream */
+          !stream->closed &&           /* and it is not closed/reset */
+          !ctx->pause_stream_id &&     /* we are not paused either */
+          ctx->inbuflen == 0 &&       /* and out input buffer is empty */
+          !conn_is_closed) {          /* and connection is not closed */
       /* Receive data from the "lower" filters */
       nread = Curl_conn_cf_recv(cf->next, data, ctx->inbuf, H2_BUFSIZE, err);
       if(nread < 0) {
-        if(*err != CURLE_AGAIN)
-          failf(data, "Failed receiving HTTP2 data");
-        else if(stream->closed) {
-          /* received when the stream was already closed! */
-          nread = http2_handle_stream_close(cf, data, stream, err);
-          goto out;
+        DEBUGASSERT(*err);
+        if(*err == CURLE_AGAIN) {
+          break;
         }
-
-        /* nothing to read from the lower layers, clear drain */
-        drained_transfer(cf, data);
-        nread = -1;
-        goto out;
+        failf(data, "Failed receiving HTTP2 data");
+        conn_is_closed = TRUE;
       }
       else if(nread == 0) {
-        if(!stream->closed) {
-          /* This will happen when the server or proxy server is SIGKILLed
-             during data transfer. We should emit an error since our data
-             received may be incomplete. */
-          failf(data, "HTTP/2 stream %u was not closed cleanly before"
-                " end of the underlying stream",
-                stream->stream_id);
-          drained_transfer(cf, data);
-          *err = CURLE_PARTIAL_FILE;
-          nread = -1;
-          goto out;
-        }
-
-        DEBUGF(LOG_CF(data, cf, "[h2sid=%u] end of stream",
+        DEBUGF(LOG_CF(data, cf, "[h2sid=%u] underlying connection is closed",
                       stream->stream_id));
-        *err = CURLE_OK;
-        nread = 0;
-        goto out;
+        conn_is_closed = TRUE;
+      }
+      else {
+        DEBUGF(LOG_CF(data, cf, "[h2sid=%u] read %zd from connection",
+                      stream->stream_id, nread));
+        ctx->inbuflen = nread;
+        DEBUGASSERT(ctx->nread_inbuf == 0);
+        if(h2_process_pending_input(cf, data, err))
+          return -1;
       }
-
-      DEBUGF(LOG_CF(data, cf, "read %zd from connection", nread));
-      ctx->inbuflen = nread;
-      DEBUGASSERT(ctx->nread_inbuf == 0);
-      if(h2_process_pending_input(cf, data, err))
-        return -1;
     }
 
   }
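Review bot: Both `if(h2_process_pending_input(cf, data, err)) return -1;` sites in this hunk leave `cf_h2_recv` without passing the `out:` label, so `CF_DATA_RESTORE(cf, save)` is skipped on that error path. The struct comment describes `call_data` as the easy handle of the current filter call, "cleared at return". Skipping the restore would leave the filter pointing at this transfer's handle after the call has ended, which becomes a stale-pointer hazard if that handle is later freed. Replacing the bare return with `{ nread = -1; goto out; }` in both places fixes that and lets the unified trace line at `out:` cover these exits too.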
@@ -1933,11 +1943,18 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
 
     *err = CURLE_OK;
     nread = retlen;
-    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_h2_recv -> %zd",
-                  stream->stream_id, nread));
     goto out;
   }
 
+  if(conn_is_closed && !stream->closed) {
+    /* underlying connection is closed and we have nothing for the stream.
+     * Treat this as a RST */
+    stream->closed = stream->reset = TRUE;
+      failf(data, "HTTP/2 stream %u was not closed cleanly before"
+            " end of the underlying connection",
+            stream->stream_id);
+  }
+
   if(stream->closed) {
     nread = http2_handle_stream_close(cf, data, stream, err);
     goto out;
@@ -1950,9 +1967,9 @@ static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
   }
   *err = CURLE_AGAIN;
   nread = -1;
-  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv -> AGAIN",
-                stream->stream_id));
 out:
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_recv -> %zd, %d",
+                stream->stream_id, nread, *err));
   CF_DATA_RESTORE(cf, save);
   return nread;
 }
@@ -1976,19 +1993,20 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
   CURLcode result;
   struct h2h3req *hreq;
   struct cf_call_data save;
+  ssize_t nwritten;
 
   CF_DATA_SAVE(save, cf, data);
-  DEBUGF(LOG_CF(data, cf, "send len=%zu", len));
+  DEBUGF(LOG_CF(data, cf, "cf_send(len=%zu) start", len));
 
   if(stream->stream_id != -1) {
     if(stream->close_handled) {
       infof(data, "stream %u closed", stream->stream_id);
       *err = CURLE_HTTP2_STREAM;
-      len = -1;
+      nwritten = -1;
       goto out;
     }
     else if(stream->closed) {
-      len = http2_handle_stream_close(cf, data, stream, err);
+      nwritten = http2_handle_stream_close(cf, data, stream, err);
       goto out;
     }
     /* If stream_id != -1, we have dispatched request HEADERS, and now
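Review bot: `nwritten` is declared without an initialiser and returned from the single `out:` label, so its value depends on every `goto out` path having assigned it. The hunks convert the visible `len = -1` sites, but parts of `cf_h2_send` lie between the hunks. Any leftover `len = -1; goto out;` there would still compile, since `len` is an ordinary parameter, and the function would return an indeterminate value. Declaring it as `ssize_t nwritten = -1;` makes a missed path fail closed.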
@@ -1998,26 +2016,24 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
     rv = nghttp2_session_resume_data(ctx->h2, stream->stream_id);
     if(nghttp2_is_fatal(rv)) {
       *err = CURLE_SEND_ERROR;
-      len = -1;
+      nwritten = -1;
       goto out;
     }
     result = h2_session_send(cf, data);
     if(result) {
       *err = result;
-      len = -1;
+      nwritten = -1;
       goto out;
     }
-    len -= stream->upload_len;
 
-    /* Nullify here because we call nghttp2_session_send() and they
-       might refer to the old buffer. */
+    nwritten = (ssize_t)len - (ssize_t)stream->upload_len;
     stream->upload_mem = NULL;
     stream->upload_len = 0;
 
     if(should_close_session(ctx)) {
       DEBUGF(LOG_CF(data, cf, "send: nothing to do in this session"));
       *err = CURLE_HTTP2;
-      len = -1;
+      nwritten = -1;
       goto out;
     }
 
@@ -2029,26 +2045,36 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
       nghttp2_session_resume_data(ctx->h2, stream->stream_id);
     }
 
-#ifdef DEBUG_HTTP2
-    if(!len) {
-      infof(data, "http2_send: easy %p (stream %u) win %u/%u",
-            data, stream->stream_id,
-            nghttp2_session_get_remote_window_size(ctx->h2),
-            nghttp2_session_get_stream_remote_window_size(ctx->h2,
-                                                          stream->stream_id)
-        );
-
+    if(!nwritten) {
+      size_t rwin = nghttp2_session_get_stream_remote_window_size(ctx->h2,
+                                                          stream->stream_id);
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_send: win %u/%zu",
+             stream->stream_id,
+             nghttp2_session_get_remote_window_size(ctx->h2), rwin));
+        if(rwin == 0) {
+          /* We cannot upload more as the stream's remote window size
+           * is 0. We need to receive WIN_UPDATEs before we can continue.
+           */
+          data->req.keepon |= KEEP_SEND_HOLD;
+          DEBUGF(LOG_CF(data, cf, "[h2sid=%u] holding send as remote flow "
+                 "window is exhausted", stream->stream_id));
+        }
     }
-    infof(data, "http2_send returns %zu for stream %u", len,
-          stream->stream_id);
-#endif
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_send returns %zd ",
+           stream->stream_id, nwritten));
+
+    /* handled writing BODY for open stream. */
     goto out;
   }
-
+  /* Stream has not been opened yet. `buf` is expected to contain
+   * request headers. */
+  /* TODO: this assumes that the `buf` and `len` we are called with
+   * is *all* HEADERs and no body. We have no way to determine here
+   * if that is indeed the case. */
   result = Curl_pseudo_headers(data, buf, len, NULL, &hreq);
   if(result) {
     *err = result;
-    len = -1;
+    nwritten = -1;
     goto out;
   }
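Review bot: `rwin` is declared `size_t`, but `nghttp2_session_get_stream_remote_window_size()` returns a signed 32-bit value and uses -1 to report failure. An unknown stream therefore becomes a huge positive window, and the `rwin == 0` test cannot see it. Keeping the native type, `int32_t rwin = nghttp2_session_get_stream_remote_window_size(ctx->h2, stream->stream_id);` with `%d` in the trace, lets the code tell an exhausted window (0) from a missing stream (negative) and decide explicitly what to do in the second case. The body of the added `if(!nwritten)` block is also indented deeper than its braces, which obscures the nesting.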
   nheader = hreq->entries;
@@ -2057,7 +2083,7 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
   if(!nva) {
     Curl_pseudo_free(hreq);
     *err = CURLE_OUT_OF_MEMORY;
-    len = -1;
+    nwritten = -1;
     goto out;
   }
   else {
@@ -2104,25 +2130,28 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
     DEBUGF(LOG_CF(data, cf, "send: nghttp2_submit_request error (%s)%u",
                   nghttp2_strerror(stream_id), stream_id));
     *err = CURLE_SEND_ERROR;
-    len = -1;
+    nwritten = -1;
     goto out;
   }
 
   infof(data, "Using Stream ID: %u (easy handle %p)",
         stream_id, (void *)data);
   stream->stream_id = stream_id;
+  /* See TODO above. We assume that the whole buf was consumed by
+   * generating the request headers. */
+  nwritten = len;
 
   result = h2_session_send(cf, data);
   if(result) {
     *err = result;
-    len = -1;
+    nwritten = -1;
     goto out;
   }
 
   if(should_close_session(ctx)) {
     DEBUGF(LOG_CF(data, cf, "send: nothing to do in this session"));
     *err = CURLE_HTTP2;
-    len = -1;
+    nwritten = -1;
     goto out;
   }
 
@@ -2137,7 +2166,7 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
 
 out:
   CF_DATA_RESTORE(cf, save);
-  return len;
+  return nwritten;
 }
 
 static int cf_h2_get_select_socks(struct Curl_cfilter *cf,
@@ -2160,7 +2189,7 @@ static int cf_h2_get_select_socks(struct Curl_cfilter *cf,
 
   /* we're (still uploading OR the HTTP/2 layer wants to send data) AND
      there's a window to send data in */
-  if((((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) ||
+  if((((k->keepon & KEEP_SENDBITS) == KEEP_SEND) ||
       nghttp2_session_want_write(ctx->h2)) &&
      (nghttp2_session_get_remote_window_size(ctx->h2) &&
       nghttp2_session_get_stream_remote_window_size(ctx->h2,
@@ -2329,14 +2358,17 @@ static bool cf_h2_data_pending(struct Curl_cfilter *cf,
 }
 
 static bool cf_h2_is_alive(struct Curl_cfilter *cf,
-                           struct Curl_easy *data)
+                           struct Curl_easy *data,
+                           bool *input_pending)
 {
   struct cf_h2_ctx *ctx = cf->ctx;
   CURLcode result;
   struct cf_call_data save;
 
   CF_DATA_SAVE(save, cf, data);
-  result = (ctx && ctx->h2 && !http2_connisdead(cf, data));
+  result = (ctx && ctx->h2 && http2_connisalive(cf, data, input_pending));
+  DEBUGF(LOG_CF(data, cf, "conn alive -> %d, input_pending=%d",
+         result, *input_pending));
   CF_DATA_RESTORE(cf, save);
   return result;
 }
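Review bot: `*input_pending` is read by the added DEBUGF even when `ctx` or `ctx->h2` is NULL, where the `&&` short-circuits and http2_connisalive() is never called to set it. Unless every caller pre-initialises the flag (callers are not visible here), debug builds then log an indeterminate value and the caller may act on one. Starting the function with `*input_pending = FALSE;` makes the out-parameter defined on every path. Separately, `result` is declared `CURLcode` but only ever holds the boolean that is returned; `bool alive` would match the return type.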
@@ -2479,7 +2511,8 @@ bool Curl_http2_may_switch(struct Curl_easy *data,
                            int sockindex)
 {
   (void)sockindex;
-  if(data->state.httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) {
+  if(!Curl_conn_is_http2(data, conn, sockindex) &&
+     data->state.httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) {
 #ifndef CURL_DISABLE_PROXY
     if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
       /* We don't support HTTP/2 proxies yet. Also it's debatable
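Review bot: The `(void)sockindex;` line kept above the condition is stale now that `sockindex` is passed to `Curl_conn_is_http2()`. It should be dropped so it does not suggest the parameter is unused, unless `Curl_conn_is_http2` can be a macro that discards its arguments in some build configuration, which is not visible here. The function body continues outside this hunk.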
diff --git a/libs/libcurl/src/http_aws_sigv4.c b/libs/libcurl/src/http_aws_sigv4.c
index fa9af9fd97..24228d2e65 100644
--- a/libs/libcurl/src/http_aws_sigv4.c
+++ b/libs/libcurl/src/http_aws_sigv4.c
@@ -58,13 +58,15 @@
 
 #define TIMESTAMP_SIZE 17
 
-static void sha256_to_hex(char *dst, unsigned char *sha, size_t dst_l)
+/* hex-encoded with trailing null */
+#define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1)
+
+static void sha256_to_hex(char *dst, unsigned char *sha)
 {
   int i;
 
-  DEBUGASSERT(dst_l >= 65);
-  for(i = 0; i < 32; ++i) {
-    msnprintf(dst + (i * 2), dst_l - (i * 2), "%02x", sha[i]);
+  for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
+    msnprintf(dst + (i * 2), SHA256_HEX_LENGTH - (i * 2), "%02x", sha[i]);
   }
 }
 
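Review bot: sha256_to_hex() no longer receives or checks the destination size, so every caller must pass a buffer of at least SHA256_HEX_LENGTH bytes, and nothing in the function says so. The size handed to msnprintf is now a constant rather than the real capacity, so an undersized `dst` would be overrun silently instead of tripping the removed DEBUGASSERT. I would put the contract in the comment, e.g. `/* dst must hold SHA256_HEX_LENGTH bytes, sha must hold SHA256_DIGEST_LENGTH bytes */`, and declare `sha` as `const unsigned char *` since it is only read.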
@@ -135,6 +137,7 @@ static CURLcode make_headers(struct Curl_easy *data,
                              char *timestamp,
                              char *provider1,
                              char **date_header,
+                             char *content_sha256_header,
                              struct dynbuf *canonical_headers,
                              struct dynbuf *signed_headers)
 {
@@ -189,6 +192,13 @@ static CURLcode make_headers(struct Curl_easy *data,
   }
 
 
+  if (*content_sha256_header) {
+    tmp_head = curl_slist_append(head, content_sha256_header);
+    if(!tmp_head)
+      goto fail;
+    head = tmp_head;
+  }
+
   for(l = data->set.headers; l; l = l->next) {
     tmp_head = curl_slist_append(head, l->data);
     if(!tmp_head)
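Review bot: `if (*content_sha256_header)` has a space after `if`, unlike the other conditions in this function (`if(!tmp_head)`); write it as `if(*content_sha256_header)`. The new parameter is also dereferenced unconditionally, so it must never be NULL and an empty string means "no header". The visible caller passes an array, but a short comment on the parameter would record that contract. make_headers starts and ends outside this hunk.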
@@ -267,6 +277,9 @@ fail:
 }
 
 #define CONTENT_SHA256_KEY_LEN (MAX_SIGV4_LEN + sizeof("X--Content-Sha256"))
+/* add 2 for ": " between header name and value */
+#define CONTENT_SHA256_HDR_LEN (CONTENT_SHA256_KEY_LEN + 2 + \
+                                SHA256_HEX_LENGTH)
 
 /* try to parse a payload hash from the content-sha256 header */
 static char *parse_content_sha_hdr(struct Curl_easy *data,
@@ -300,6 +313,63 @@ static char *parse_content_sha_hdr(struct Curl_easy *data,
   return value;
 }
 
+static CURLcode calc_payload_hash(struct Curl_easy *data,
+                                  unsigned char *sha_hash, char *sha_hex)
+{
+  const char *post_data = data->set.postfields;
+  size_t post_data_len = 0;
+  CURLcode result;
+
+  if(post_data) {
+    if(data->set.postfieldsize < 0)
+      post_data_len = strlen(post_data);
+    else
+      post_data_len = (size_t)data->set.postfieldsize;
+  }
+  result = Curl_sha256it(sha_hash, (const unsigned char *) post_data,
+                         post_data_len);
+  if(!result)
+    sha256_to_hex(sha_hex, sha_hash);
+  return result;
+}
+
+#define S3_UNSIGNED_PAYLOAD "UNSIGNED-PAYLOAD"
+
+static CURLcode calc_s3_payload_hash(struct Curl_easy *data,
+                                     Curl_HttpReq httpreq, char *provider1,
+                                     unsigned char *sha_hash,
+                                     char *sha_hex, char *header)
+{
+  bool empty_method = (httpreq == HTTPREQ_GET || httpreq == HTTPREQ_HEAD);
+  /* The request method or filesize indicate no request payload */
+  bool empty_payload = (empty_method || data->set.filesize == 0);
+  /* The POST payload is in memory */
+  bool post_payload = (httpreq == HTTPREQ_POST && data->set.postfields);
+  CURLcode ret = CURLE_OUT_OF_MEMORY;
+
+  if(empty_payload || post_payload) {
+    /* Calculate a real hash when we know the request payload */
+    ret = calc_payload_hash(data, sha_hash, sha_hex);
+    if(ret)
+      goto fail;
+  }
+  else {
+    /* Fall back to s3's UNSIGNED-PAYLOAD */
+    size_t len = sizeof(S3_UNSIGNED_PAYLOAD) - 1;
+    DEBUGASSERT(len < SHA256_HEX_LENGTH); /* 16 < 65 */
+    memcpy(sha_hex, S3_UNSIGNED_PAYLOAD, len);
+    sha_hex[len] = 0;
+  }
+
+  /* format the required content-sha256 header */
+  msnprintf(header, CONTENT_SHA256_HDR_LEN,
+            "x-%s-content-sha256: %s", provider1, sha_hex);
+
+  ret = CURLE_OK;
+fail:
+  return ret;
+}
+
 CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
 {
   CURLcode ret = CURLE_OUT_OF_MEMORY;
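Review bot: The fallback branch in calc_s3_payload_hash() signs the literal `UNSIGNED-PAYLOAD`, so the signature does not cover the request body whenever the payload is neither an in-memory POST nor known to be empty. That trade-off should be stated at the branch, e.g. `/* body not available up front: the signature will not cover it */`, because body integrity then rests on the transport alone. Both new helpers also write into caller-owned buffers of fixed size (`sha_hex` needs SHA256_HEX_LENGTH, `header` needs CONTENT_SHA256_HDR_LEN) and neither has a header comment saying so. The `goto fail` scaffolding and the initial `CURLE_OUT_OF_MEMORY` in calc_s3_payload_hash() are not needed; returning `ret` directly on error reads more plainly.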
@@ -310,6 +380,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   char provider1[MAX_SIGV4_LEN + 1]="";
   char region[MAX_SIGV4_LEN + 1]="";
   char service[MAX_SIGV4_LEN + 1]="";
+  bool sign_as_s3 = false;
   const char *hostname = conn->host.name;
   time_t clock;
   struct tm tm;
@@ -318,20 +389,21 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   struct dynbuf canonical_headers;
   struct dynbuf signed_headers;
   char *date_header = NULL;
+  Curl_HttpReq httpreq;
+  const char *method = NULL;
   char *payload_hash = NULL;
   size_t payload_hash_len = 0;
-  const char *post_data = data->set.postfields;
-  size_t post_data_len = 0;
-  unsigned char sha_hash[32];
-  char sha_hex[65];
+  unsigned char sha_hash[SHA256_DIGEST_LENGTH];
+  char sha_hex[SHA256_HEX_LENGTH];
+  char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */
   char *canonical_request = NULL;
   char *request_type = NULL;
   char *credential_scope = NULL;
   char *str_to_sign = NULL;
   const char *user = data->state.aptr.user ? data->state.aptr.user : "";
   char *secret = NULL;
-  unsigned char sign0[32] = {0};
-  unsigned char sign1[32] = {0};
+  unsigned char sign0[SHA256_DIGEST_LENGTH] = {0};
+  unsigned char sign1[SHA256_DIGEST_LENGTH] = {0};
   char *auth_headers = NULL;
 
   DEBUGASSERT(!proxy);
@@ -408,6 +480,29 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
     }
   }
 
+  Curl_http_method(data, conn, &method, &httpreq);
+
+  /* AWS S3 requires a x-amz-content-sha256 header, and supports special
+   * values like UNSIGNED-PAYLOAD */
+  sign_as_s3 = (strcasecompare(provider0, "aws") &&
+                strcasecompare(service, "s3"));
+
+  payload_hash = parse_content_sha_hdr(data, provider1, &payload_hash_len);
+
+  if(!payload_hash) {
+    if(sign_as_s3)
+      ret = calc_s3_payload_hash(data, httpreq, provider1, sha_hash,
+                                 sha_hex, content_sha256_hdr);
+    else
+      ret = calc_payload_hash(data, sha_hash, sha_hex);
+    if(ret)
+      goto fail;
+
+    payload_hash = sha_hex;
+    /* may be shorter than SHA256_HEX_LENGTH, like S3_UNSIGNED_PAYLOAD */
+    payload_hash_len = strlen(sha_hex);
+  }
+
 #ifdef DEBUGBUILD
   {
     char *force_timestamp = getenv("CURL_FORCETIME");
@@ -429,54 +524,37 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   }
 
   ret = make_headers(data, hostname, timestamp, provider1,
-                     &date_header, &canonical_headers, &signed_headers);
+                     &date_header, content_sha256_hdr,
+                     &canonical_headers, &signed_headers);
   if(ret)
     goto fail;
   ret = CURLE_OUT_OF_MEMORY;
 
+  if(*content_sha256_hdr) {
+    /* make_headers() needed this without the \r\n for canonicalization */
+    size_t hdrlen = strlen(content_sha256_hdr);
+    DEBUGASSERT(hdrlen + 3 < sizeof(content_sha256_hdr));
+    memcpy(content_sha256_hdr + hdrlen, "\r\n", 3);
+  }
+
   memcpy(date, timestamp, sizeof(date));
   date[sizeof(date) - 1] = 0;
 
-  payload_hash = parse_content_sha_hdr(data, provider1, &payload_hash_len);
-
-  if(!payload_hash) {
-    if(post_data) {
-      if(data->set.postfieldsize < 0)
-        post_data_len = strlen(post_data);
-      else
-        post_data_len = (size_t)data->set.postfieldsize;
-    }
-    if(Curl_sha256it(sha_hash, (const unsigned char *) post_data,
-                     post_data_len))
-      goto fail;
-
-    sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex));
-    payload_hash = sha_hex;
-    payload_hash_len = strlen(sha_hex);
-  }
-
-  {
-    Curl_HttpReq httpreq;
-    const char *method;
-
-    Curl_http_method(data, conn, &method, &httpreq);
-
-    canonical_request =
-      curl_maprintf("%s\n" /* HTTPRequestMethod */
-                    "%s\n" /* CanonicalURI */
-                    "%s\n" /* CanonicalQueryString */
-                    "%s\n" /* CanonicalHeaders */
-                    "%s\n" /* SignedHeaders */
-                    "%.*s",  /* HashedRequestPayload in hex */
-                    method,
-                    data->state.up.path,
-                    data->state.up.query ? data->state.up.query : "",
-                    Curl_dyn_ptr(&canonical_headers),
-                    Curl_dyn_ptr(&signed_headers),
-                    (int)payload_hash_len, payload_hash);
-    if(!canonical_request)
-      goto fail;
-  }
+  canonical_request =
+    curl_maprintf("%s\n" /* HTTPRequestMethod */
+                  "%s\n" /* CanonicalURI */
+                  "%s\n" /* CanonicalQueryString */
+                  "%s\n" /* CanonicalHeaders */
+                  "%s\n" /* SignedHeaders */
+                  "%.*s",  /* HashedRequestPayload in hex */
+                  method,
+                  data->state.up.path,
+                  data->state.up.query ? data->state.up.query : "",
+                  Curl_dyn_ptr(&canonical_headers),
+                  Curl_dyn_ptr(&signed_headers),
+                  (int)payload_hash_len, payload_hash);
+  if(!canonical_request)
+    goto fail;
 
   /* provider 0 lowercase */
   Curl_strntolower(provider0, provider0, strlen(provider0));
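Review bot: The three-byte `memcpy` that appends "\r\n" to `content_sha256_hdr` is bounded only by a DEBUGASSERT, which is compiled out of non-debug builds. The bound does hold by construction, because the header is formatted with a CONTENT_SHA256_HDR_LEN limit and the array is declared two bytes larger, but those two facts live in other hunks. A comment at the copy would keep a later edit from breaking it, e.g. `/* fits: the header was formatted into CONTENT_SHA256_HDR_LEN bytes and the array has 2 more */`. Curl_output_aws_sigv4 begins and ends outside this hunk.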
@@ -493,7 +571,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
                    strlen(canonical_request)))
     goto fail;
 
-  sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex));
+  sha256_to_hex(sha_hex, sha_hash);
 
   /* provider 0 uppercase */
   Curl_strntoupper(provider0, provider0, strlen(provider0));
@@ -527,20 +605,22 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   HMAC_SHA256(sign0, sizeof(sign0), request_type, strlen(request_type), sign1);
   HMAC_SHA256(sign1, sizeof(sign1), str_to_sign, strlen(str_to_sign), sign0);
 
-  sha256_to_hex(sha_hex, sign0, sizeof(sha_hex));
+  sha256_to_hex(sha_hex, sign0);
 
   /* provider 0 uppercase */
   auth_headers = curl_maprintf("Authorization: %s4-HMAC-SHA256 "
                                "Credential=%s/%s, "
                                "SignedHeaders=%s, "
                                "Signature=%s\r\n"
-                               "%s\r\n",
+                               "%s\r\n"
+                               "%s", /* optional sha256 header includes \r\n */
                                provider0,
                                user,
                                credential_scope,
                                Curl_dyn_ptr(&signed_headers),
                                sha_hex,
-                               date_header);
+                               date_header,
+                               content_sha256_hdr);
   if(!auth_headers) {
     goto fail;
   }
diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c
index b10429e6a9..6d2435feaf 100644
--- a/libs/libcurl/src/http_proxy.c
+++ b/libs/libcurl/src/http_proxy.c
@@ -403,7 +403,6 @@ static CURLcode on_resp_header(struct Curl_cfilter *cf,
 {
   CURLcode result = CURLE_OK;
   struct SingleRequest *k = &data->req;
-  int subversion = 0;
   (void)cf;
 
   if((checkprefix("WWW-Authenticate:", header) &&
@@ -461,11 +460,14 @@ static CURLcode on_resp_header(struct Curl_cfilter *cf,
                              STRCONST("Proxy-Connection:"),
                              STRCONST("close")))
     ts->close_connection = TRUE;
-  else if(2 == sscanf(header, "HTTP/1.%d %d",
-                      &subversion,
-                      &k->httpcode)) {
+  else if(!strncmp(header, "HTTP/1.", 7) &&
+          ((header[7] == '0') || (header[7] == '1')) &&
+          (header[8] == ' ') &&
+          ISDIGIT(header[9]) && ISDIGIT(header[10]) && ISDIGIT(header[11]) &&
+          !ISDIGIT(header[12])) {
     /* store the HTTP code from the proxy */
-    data->info.httpproxycode = k->httpcode;
+    data->info.httpproxycode =  k->httpcode = (header[9] - '0') * 100 +
+      (header[10] - '0') * 10 + (header[11] - '0');
   }
   return result;
 }
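Review bot: The fixed-offset tests on `header[7]` through `header[12]` are only in bounds because each `&&` operand fails on a NUL before the next index is read, and because `header` is NUL-terminated. That reliance should be written down, e.g. `/* every test rejects a NUL, so no index is read past the terminator */`. The check is also stricter than the sscanf it replaces (one version digit of 0 or 1, exactly three status digits), which the comment could mention. Style: `data->info.httpproxycode =  k->httpcode` has a doubled space, and the chained assignment would be clearer as two statements. on_resp_header starts outside this hunk.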
diff --git a/libs/libcurl/src/idn.c b/libs/libcurl/src/idn.c
index b7c0a18b85..47b4d4655d 100644
--- a/libs/libcurl/src/idn.c
+++ b/libs/libcurl/src/idn.c
@@ -184,6 +184,11 @@ CURLcode Curl_idnconvert_hostname(struct hostname *host)
   if(!Curl_is_ASCII_name(host->name)) {
     char *decoded = idn_decode(host->name);
     if(decoded) {
+      if(!*decoded) {
+        /* zero length is a bad host name */
+        Curl_idn_free(decoded);
+        return CURLE_URL_MALFORMAT;
+      }
       /* successful */
       host->encalloc = decoded;
       /* change the name pointer to point to the encoded hostname */
diff --git a/libs/libcurl/src/inet_ntop.c b/libs/libcurl/src/inet_ntop.c
index e4e4a34605..e58a3b7e13 100644
--- a/libs/libcurl/src/inet_ntop.c
+++ b/libs/libcurl/src/inet_ntop.c
@@ -41,6 +41,15 @@
 #define INADDRSZ         4
 #define INT16SZ          2
 
+/*
+ * If ENABLE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
+ * sure we have _some_ value for AF_INET6 without polluting our fake value
+ * everywhere.
+ */
+#if !defined(ENABLE_IPV6) && !defined(AF_INET6)
+#define AF_INET6 (AF_INET + 1)
+#endif
+
 /*
  * Format an IPv4 address, more or less like inet_ntop().
  *
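Review bot: The fallback `#define AF_INET6 (AF_INET + 1)` is repeated verbatim in inet_pton.c (hunk at -38,15) and is local to each file, so the two copies can drift and callers in other files cannot see the value. On a platform that really lacks AF_INET6, `AF_INET + 1` might also equal some other address-family constant, which the `switch` would then treat as IPv6; whether that can happen depends on the platform headers. I would define it once in a private header included by both files and note in the comment that the value is internal and must never reach a socket call.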
@@ -72,7 +81,6 @@ static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size)
   return dst;
 }
 
-#ifdef ENABLE_IPV6
 /*
  * Convert IPv6 binary address into presentation (printable) format.
  */
@@ -168,7 +176,6 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
   strcpy(dst, tmp);
   return dst;
 }
-#endif  /* ENABLE_IPV6 */
 
 /*
  * Convert a network format address to presentation format.
@@ -187,10 +194,8 @@ char *Curl_inet_ntop(int af, const void *src, char *buf, size_t size)
   switch(af) {
   case AF_INET:
     return inet_ntop4((const unsigned char *)src, buf, size);
-#ifdef ENABLE_IPV6
   case AF_INET6:
     return inet_ntop6((const unsigned char *)src, buf, size);
-#endif
   default:
     errno = EAFNOSUPPORT;
     return NULL;
diff --git a/libs/libcurl/src/inet_pton.c b/libs/libcurl/src/inet_pton.c
index 542740a393..a21679297f 100644
--- a/libs/libcurl/src/inet_pton.c
+++ b/libs/libcurl/src/inet_pton.c
@@ -38,15 +38,22 @@
 #define INADDRSZ         4
 #define INT16SZ          2
 
+/*
+ * If ENABLE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
+ * sure we have _some_ value for AF_INET6 without polluting our fake value
+ * everywhere.
+ */
+#if !defined(ENABLE_IPV6) && !defined(AF_INET6)
+#define AF_INET6 (AF_INET + 1)
+#endif
+
 /*
  * WARNING: Don't even consider trying to compile this on a system where
  * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
  */
 
 static int      inet_pton4(const char *src, unsigned char *dst);
-#ifdef ENABLE_IPV6
 static int      inet_pton6(const char *src, unsigned char *dst);
-#endif
 
 /* int
  * inet_pton(af, src, dst)
@@ -70,10 +77,8 @@ Curl_inet_pton(int af, const char *src, void *dst)
   switch(af) {
   case AF_INET:
     return (inet_pton4(src, (unsigned char *)dst));
-#ifdef ENABLE_IPV6
   case AF_INET6:
     return (inet_pton6(src, (unsigned char *)dst));
-#endif
   default:
     errno = EAFNOSUPPORT;
     return (-1);
@@ -135,7 +140,6 @@ inet_pton4(const char *src, unsigned char *dst)
   return (1);
 }
 
-#ifdef ENABLE_IPV6
 /* int
  * inet_pton6(src, dst)
  *      convert presentation level address to network order binary form.
@@ -234,6 +238,5 @@ inet_pton6(const char *src, unsigned char *dst)
   memcpy(dst, tmp, IN6ADDRSZ);
   return (1);
 }
-#endif /* ENABLE_IPV6 */
 
 #endif /* HAVE_INET_PTON */
diff --git a/libs/libcurl/src/krb5.c b/libs/libcurl/src/krb5.c
index 6aed067feb..856bc7464f 100644
--- a/libs/libcurl/src/krb5.c
+++ b/libs/libcurl/src/krb5.c
@@ -721,8 +721,7 @@ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn,
     return 0;
 
   if(buf[3] != '-')
-    /* safe to ignore return code */
-    (void)sscanf(buf, "%d", &ret_code);
+    ret_code = atoi(buf);
 
   if(buf[decoded_len - 1] == '\n')
     buf[decoded_len - 1] = '\0';
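Review bot: `ret_code = atoi(buf);` converts what appears to be decoded reply data with a function that reports no errors and has undefined behaviour when the value does not fit in an int. The same applies to `buffer_size = atoi(&pbsz[5]);` in the PBSZ hunk of this file, where the result is also stored in a variable the old `%u` conversion suggests is unsigned. Using `strtol`/`strtoul` with a range check, and leaving the previous value in place on failure, keeps a malformed or oversized number from turning into an arbitrary one. The `buf[3]` test just above needs `decoded_len >= 4`, which is not established inside this hunk; Curl_sec_read_msg begins outside it.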
@@ -765,8 +764,9 @@ static int sec_set_protection_level(struct Curl_easy *data)
 
     pbsz = strstr(data->state.buffer, "PBSZ=");
     if(pbsz) {
-      /* ignore return code, use default value if it fails */
-      (void)sscanf(pbsz, "PBSZ=%u", &buffer_size);
+      /* stick to default value if the check fails */
+      if(!strncmp(pbsz, "PBSZ=", 5) && ISDIGIT(pbsz[5]))
+        buffer_size = atoi(&pbsz[5]);
       if(buffer_size < conn->buffer_size)
         conn->buffer_size = buffer_size;
     }
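Review bot: The added `!strncmp(pbsz, "PBSZ=", 5)` can never be false, because `pbsz` was just returned by `strstr(data->state.buffer, "PBSZ=")`. The condition reduces to `if(ISDIGIT(pbsz[5]))`, which is the part that actually protects the conversion. Dropping the redundant compare makes it clear what is being validated. sec_set_protection_level starts outside this hunk.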
diff --git a/libs/libcurl/src/ldap.c b/libs/libcurl/src/ldap.c
index 9d702ffb2f..aa36b0ed66 100644
--- a/libs/libcurl/src/ldap.c
+++ b/libs/libcurl/src/ldap.c
@@ -140,6 +140,14 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp);
 #define ldap_err2string ldap_err2stringA
 #endif
 
+#if defined(USE_WIN32_LDAP) && defined(_MSC_VER) && (_MSC_VER <= 1600)
+/* Workaround for warning:
+   'type cast' : conversion from 'int' to 'void *' of greater size */
+#undef LDAP_OPT_ON
+#undef LDAP_OPT_OFF
+#define LDAP_OPT_ON   ((void *)(size_t)1)
+#define LDAP_OPT_OFF  ((void *)(size_t)0)
+#endif
 
 static CURLcode ldap_do(struct Curl_easy *data, bool *done);
 
diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist
index 29888b765f..2cbfb0ccf2 100644
--- a/libs/libcurl/src/libcurl.plist
+++ b/libs/libcurl/src/libcurl.plist
@@ -15,7 +15,7 @@
 	<string>se.curl.libcurl</string>
 
 	<key>CFBundleVersion</key>
-	<string>7.88.1</string>
+	<string>8.0.1</string>
 
 	<key>CFBundleName</key>
 	<string>libcurl</string>
@@ -27,9 +27,9 @@
 	<string>????</string>
 
 	<key>CFBundleShortVersionString</key>
-	<string>libcurl 7.88.1</string>
+	<string>libcurl 8.0.1</string>
 
 	<key>CFBundleGetInfoString</key>
-	<string>libcurl.plist 7.88.1</string>
+	<string>libcurl.plist 8.0.1</string>
 </dict>
 </plist>
diff --git a/libs/libcurl/src/mqtt.c b/libs/libcurl/src/mqtt.c
index 1c147d5dd5..2d6f771be9 100644
--- a/libs/libcurl/src/mqtt.c
+++ b/libs/libcurl/src/mqtt.c
@@ -122,8 +122,9 @@ static CURLcode mqtt_send(struct Curl_easy *data,
   struct MQTT *mq = data->req.p.mqtt;
   ssize_t n;
   result = Curl_write(data, sockfd, buf, len, &n);
-  if(!result)
-    Curl_debug(data, CURLINFO_HEADER_OUT, buf, (size_t)n);
+  if(result)
+    return result;
+  Curl_debug(data, CURLINFO_HEADER_OUT, buf, (size_t)n);
   if(len != (size_t)n) {
     size_t nsend = len - n;
     char *sendleftovers = Curl_memdup(&buf[n], nsend);
diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c
index 052bb110e6..b1ad4866a8 100644
--- a/libs/libcurl/src/multi.c
+++ b/libs/libcurl/src/multi.c
@@ -445,9 +445,6 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
   sockhash_destroy(&multi->sockhash);
   Curl_hash_destroy(&multi->hostcache);
   Curl_conncache_destroy(&multi->conn_cache);
-  Curl_llist_destroy(&multi->msglist, NULL);
-  Curl_llist_destroy(&multi->pending, NULL);
-
   free(multi);
   return NULL;
 }
@@ -459,6 +456,42 @@ struct Curl_multi *curl_multi_init(void)
                            CURL_DNS_HASH_SIZE);
 }
 
+static void link_easy(struct Curl_multi *multi,
+                      struct Curl_easy *data)
+{
+  /* We add the new easy entry last in the list. */
+  data->next = NULL; /* end of the line */
+  if(multi->easyp) {
+    struct Curl_easy *last = multi->easylp;
+    last->next = data;
+    data->prev = last;
+    multi->easylp = data; /* the new last node */
+  }
+  else {
+    /* first node, make prev NULL! */
+    data->prev = NULL;
+    multi->easylp = multi->easyp = data; /* both first and last */
+  }
+}
+
+/* unlink the given easy handle from the linked list of easy handles */
+static void unlink_easy(struct Curl_multi *multi,
+                        struct Curl_easy *data)
+{
+  /* make the previous node point to our next */
+  if(data->prev)
+    data->prev->next = data->next;
+  else
+    multi->easyp = data->next; /* point to first node */
+
+  /* make our next point to our previous node */
+  if(data->next)
+    data->next->prev = data->prev;
+  else
+    multi->easylp = data->prev; /* point to last node */
+}
+
+
 CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
                                 struct Curl_easy *data)
 {
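Review bot: unlink_easy() leaves `data->prev` and `data->next` pointing into the list after the handle has been taken out, so anything that later walks from the removed handle follows stale links, possibly to handles that have since been freed. Ending the function with `data->prev = data->next = NULL;` closes that off; whether a caller already resets them is not visible in this hunk. link_easy() also lacks the one-line header comment that unlink_easy() has; `/* link the given easy handle last in the list of easy handles */` would match.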
@@ -554,19 +587,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
     data->psl = &multi->psl;
 #endif
 
-  /* We add the new entry last in the list. */
-  data->next = NULL; /* end of the line */
-  if(multi->easyp) {
-    struct Curl_easy *last = multi->easylp;
-    last->next = data;
-    data->prev = last;
-    multi->easylp = data; /* the new last node */
-  }
-  else {
-    /* first node, make prev NULL! */
-    data->prev = NULL;
-    multi->easylp = multi->easyp = data; /* both first and last */
-  }
+  link_easy(multi, data);
 
   /* increase the node-counter */
   multi->num_easy++;
@@ -841,10 +862,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
 
   Curl_wildcard_dtor(&data->wildcard);
 
-  /* destroy the timeout list that is held in the easy handle, do this *after*
-     multi_done() as that may actually call Curl_expire that uses this */
-  Curl_llist_destroy(&data->state.timeoutlist, NULL);
-
   /* change state without using multistate(), only to make singlesocket() do
      what we want */
   data->mstate = MSTATE_COMPLETED;
@@ -917,17 +934,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
     }
   }
 
-  /* make the previous node point to our next */
-  if(data->prev)
-    data->prev->next = data->next;
-  else
-    multi->easyp = data->next; /* point to first node */
-
-  /* make our next point to our previous node */
-  if(data->next)
-    data->next->prev = data->prev;
-  else
-    multi->easylp = data->prev; /* point to last node */
+  unlink_easy(multi, data);
 
   /* NOTE NOTE NOTE
      We do not touch the easy handle here! */
@@ -976,7 +983,7 @@ void Curl_attach_connection(struct Curl_easy *data,
   data->conn = conn;
   Curl_llist_insert_next(&conn->easyq, conn->easyq.tail, data,
                          &data->conn_queue);
-  if(conn->handler->attach)
+  if(conn->handler && conn->handler->attach)
     conn->handler->attach(data, conn);
   Curl_conn_ev_data_attach(conn, data);
 }
@@ -2192,7 +2199,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 #ifndef CURL_DISABLE_FTP
             /* some steps needed for wildcard matching */
             if(data->state.wildcardmatch) {
-              struct WildcardData *wc = &data->wildcard;
+              struct WildcardData *wc = data->wildcard;
               if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) {
                 /* skip some states if it is important */
                 multi_done(data, CURLE_OK, FALSE);
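Review bot: `data->wildcard` is now a pointer and is dereferenced here as `wc->state`, and as `data->wildcard->state` in the hunks at -2344 and -2574, with only `data->state.wildcardmatch` as the guard. Where the struct is allocated is not visible in these hunks, so it cannot be confirmed from here that wildcardmatch implies a non-NULL pointer on every path. A `DEBUGASSERT(data->wildcard);` before the first dereference would document that invariant and catch a violation in debug builds. multi_runsingle extends well beyond this hunk.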
@@ -2344,7 +2351,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 #ifndef CURL_DISABLE_FTP
         if(data->state.wildcardmatch &&
            ((data->conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
-          data->wildcard.state = CURLWC_DONE;
+          data->wildcard->state = CURLWC_DONE;
         }
 #endif
         multistate(data, MSTATE_DONE);
@@ -2574,7 +2581,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
 #ifndef CURL_DISABLE_FTP
       if(data->state.wildcardmatch) {
-        if(data->wildcard.state != CURLWC_DONE) {
+        if(data->wildcard->state != CURLWC_DONE) {
           /* if a wildcard is set and we are not ending -> lets start again
              with MSTATE_INIT */
           multistate(data, MSTATE_INIT);
@@ -2706,18 +2713,25 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles)
     return CURLM_RECURSIVE_API_CALL;
 
   data = multi->easyp;
-  while(data) {
+  if(data) {
     CURLMcode result;
+    bool nosig = data->set.no_signal;
     SIGPIPE_VARIABLE(pipe_st);
-
     sigpipe_ignore(data, &pipe_st);
-    result = multi_runsingle(multi, &now, data);
+    /* Do the loop and only alter the signal ignore state if the next handle
+       has a different NO_SIGNAL state than the previous */
+    do {
+      if(data->set.no_signal != nosig) {
+        sigpipe_restore(&pipe_st);
+        sigpipe_ignore(data, &pipe_st);
+        nosig = data->set.no_signal;
+      }
+      result = multi_runsingle(multi, &now, data);
+      if(result)
+        returncode = result;
+      data = data->next; /* operate on next handle */
+    } while(data);
     sigpipe_restore(&pipe_st);
-
-    if(result)
-      returncode = result;
-
-    data = data->next; /* operate on next handle */
   }
 
   /*
@@ -2788,9 +2802,6 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
 
     sockhash_destroy(&multi->sockhash);
     Curl_conncache_destroy(&multi->conn_cache);
-    Curl_llist_destroy(&multi->msglist, NULL);
-    Curl_llist_destroy(&multi->pending, NULL);
-
     Curl_hash_destroy(&multi->hostcache);
     Curl_psl_destroy(&multi->psl);
 
diff --git a/libs/libcurl/src/parsedate.c b/libs/libcurl/src/parsedate.c
index cd7e3005fb..bd31aadf9e 100644
--- a/libs/libcurl/src/parsedate.c
+++ b/libs/libcurl/src/parsedate.c
@@ -212,56 +212,55 @@ static int checkday(const char *check, size_t len)
 {
   int i;
   const char * const *what;
-  bool found = FALSE;
   if(len > 3)
     what = &weekday[0];
-  else
+  else if(len == 3)
     what = &Curl_wkday[0];
+  else
+    return -1; /* too short */
   for(i = 0; i<7; i++) {
-    if(strcasecompare(check, what[0])) {
-      found = TRUE;
-      break;
-    }
+    size_t ilen = strlen(what[0]);
+    if((ilen == len) &&
+       strncasecompare(check, what[0], len))
+      return i;
     what++;
   }
-  return found?i:-1;
+  return -1;
 }
 
-static int checkmonth(const char *check)
+static int checkmonth(const char *check, size_t len)
 {
   int i;
-  const char * const *what;
-  bool found = FALSE;
+  const char * const *what = &Curl_month[0];
+  if(len != 3)
+    return -1; /* not a month */
 
-  what = &Curl_month[0];
   for(i = 0; i<12; i++) {
-    if(strcasecompare(check, what[0])) {
-      found = TRUE;
-      break;
-    }
+    if(strncasecompare(check, what[0], 3))
+      return i;
     what++;
   }
-  return found?i:-1; /* return the offset or -1, no real offset is -1 */
+  return -1; /* return the offset or -1, no real offset is -1 */
 }
 
 /* return the time zone offset between GMT and the input one, in number
    of seconds or -1 if the timezone wasn't found/legal */
 
-static int checktz(const char *check)
+static int checktz(const char *check, size_t len)
 {
   unsigned int i;
-  const struct tzinfo *what;
-  bool found = FALSE;
+  const struct tzinfo *what = tz;
+  if(len > 4) /* longer than any valid timezone */
+    return -1;
 
-  what = tz;
   for(i = 0; i< sizeof(tz)/sizeof(tz[0]); i++) {
-    if(strcasecompare(check, what->name)) {
-      found = TRUE;
-      break;
-    }
+    size_t ilen = strlen(what->name);
+    if((ilen == len) &&
+       strncasecompare(check, what->name, len))
+      return what->offset*60;
     what++;
   }
-  return found?what->offset*60:-1;
+  return -1;
 }
 
 static void skip(const char **date)
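Review bot: checkday(), checkmonth() and checktz() now receive a pointer into the date string plus a length, so `check` is no longer a NUL-terminated name, but none of the three says so. A reader who assumes otherwise could reintroduce a plain `strcasecompare` and match past the token. A comment above checkday would cover it, e.g. `/* 'check' is not null-terminated, 'len' is the number of letters to match */`. In checkmonth the compare passes the literal `3` after `len != 3` has been rejected; passing `len` would keep the three functions parallel.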
@@ -294,6 +293,53 @@ static time_t time2epoch(int sec, int min, int hour,
            + hour) * 60 + min) * 60 + sec;
 }
 
+/* Returns the value of a single-digit or two-digit decimal number, return
+   then pointer to after the number. The 'date' pointer is known to point to a
+   digit. */
+static int oneortwodigit(const char *date, const char **endp)
+{
+  int num = date[0] - '0';
+  if(ISDIGIT(date[1])) {
+    *endp = &date[2];
+    return num*10 + (date[1] - '0');
+  }
+  *endp = &date[1];
+  return num;
+}
+
+
+/* HH:MM:SS or HH:MM and accept single-digits too */
+static bool match_time(const char *date,
+                       int *h, int *m, int *s, char **endp)
+{
+  const char *p;
+  int hh, mm, ss = 0;
+  hh = oneortwodigit(date, &p);
+  if((hh < 24) && (*p == ':') && ISDIGIT(p[1])) {
+    mm = oneortwodigit(&p[1], &p);
+    if(mm < 60) {
+      if((*p == ':') && ISDIGIT(p[1])) {
+        ss = oneortwodigit(&p[1], &p);
+        if(ss <= 60) {
+          /* valid HH:MM:SS */
+          goto match;
+        }
+      }
+      else {
+        /* valid HH:MM */
+        goto match;
+      }
+    }
+  }
+  return FALSE; /* not a time string */
+  match:
+  *h = hh;
+  *m = mm;
+  *s = ss;
+  *endp = (char *)p;
+  return TRUE;
+}
+
 /*
  * parsedate()
  *
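Review bot: The comment on oneortwodigit() is garbled ("return then pointer to after the number"); I would write `/* Returns the value of a one- or two-digit decimal number and stores in *endp a pointer to the character after it. 'date' must point to a digit. */`. match_time() has the same precondition on `date`, since it calls oneortwodigit() on it directly, and its one-line comment should say so. It also says nothing about the outputs being written only on a match, or about seconds being accepted up to 60. The `match:` label is indented, whereas the labels elsewhere in this patch (`out:`, `fail:`) sit at column 0.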
@@ -305,6 +351,9 @@ static time_t time2epoch(int sec, int min, int hour,
  * PARSEDATE_SOONER - time underflow at the low end of time_t
  */
 
+/* Wednesday is the longest name this parser knows about */
+#define NAME_LEN 12
+
 static int parsedate(const char *date, time_t *output)
 {
   time_t t = 0;
@@ -327,32 +376,32 @@ static int parsedate(const char *date, time_t *output)
 
     if(ISALPHA(*date)) {
       /* a name coming up */
-      char buf[32]="";
-      size_t len;
-      if(sscanf(date, "%31[ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                          "abcdefghijklmnopqrstuvwxyz]", buf))
-        len = strlen(buf);
-      else
-        len = 0;
-
-      if(wdaynum == -1) {
-        wdaynum = checkday(buf, len);
-        if(wdaynum != -1)
-          found = TRUE;
-      }
-      if(!found && (monnum == -1)) {
-        monnum = checkmonth(buf);
-        if(monnum != -1)
-          found = TRUE;
+      size_t len = 0;
+      const char *p = date;
+      while(ISALPHA(*p) && (len < NAME_LEN)) {
+        p++;
+        len++;
       }
 
-      if(!found && (tzoff == -1)) {
-        /* this just must be a time zone string */
-        tzoff = checktz(buf);
-        if(tzoff != -1)
-          found = TRUE;
-      }
+      if(len != NAME_LEN) {
+        if(wdaynum == -1) {
+          wdaynum = checkday(date, len);
+          if(wdaynum != -1)
+            found = TRUE;
+        }
+        if(!found && (monnum == -1)) {
+          monnum = checkmonth(date, len);
+          if(monnum != -1)
+            found = TRUE;
+        }
 
+        if(!found && (tzoff == -1)) {
+          /* this just must be a time zone string */
+          tzoff = checktz(date, len);
+          if(tzoff != -1)
+            found = TRUE;
+        }
+      }
       if(!found)
         return PARSEDATE_FAIL; /* bad string */
 
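Review bot: `if(len != NAME_LEN)` serves as the too-long test, which only works because the scanning loop stops counting at NAME_LEN; read on its own it looks like an equality check against a valid length. The comment at the define adds to the confusion, since it names Wednesday (9 letters) as the longest name while the limit is 12. I would add `/* len == NAME_LEN means the run of letters hit the cap, so it cannot be a known name */` above the test and reword the define's comment to say the value is a cap above the longest name. parsedate starts and ends outside this hunk.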
@@ -362,18 +411,10 @@ static int parsedate(const char *date, time_t *output)
       /* a digit */
       int val;
       char *end;
-      int len = 0;
       if((secnum == -1) &&
-         (3 == sscanf(date, "%02d:%02d:%02d%n",
-                      &hournum, &minnum, &secnum, &len))) {
-        /* time stamp! */
-        date += len;
-      }
-      else if((secnum == -1) &&
-              (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
-        /* time stamp without seconds */
-        date += len;
-        secnum = 0;
+         match_time(date, &hournum, &minnum, &secnum, &end)) {
+        /* time stamp */
+        date = end;
       }
       else {
         long lval;
diff --git a/libs/libcurl/src/progress.c b/libs/libcurl/src/progress.c
index 0a0d1a2f2d..73e384efae 100644
--- a/libs/libcurl/src/progress.c
+++ b/libs/libcurl/src/progress.c
@@ -87,8 +87,6 @@ static char *max5data(curl_off_t bytes, char *max5)
               CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE,
               (bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) );
 
-#if (SIZEOF_CURL_OFF_T > 4)
-
   else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE)
     /* 'XXXXM' is good until we're at 10000MB or above */
     msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
@@ -111,15 +109,8 @@ static char *max5data(curl_off_t bytes, char *max5)
     /* up to 10000PB, display without decimal: XXXXP */
     msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE);
 
-    /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number
-       can hold, but our data type is signed so 8192PB will be the maximum. */
-
-#else
-
-  else
-    msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
-
-#endif
+  /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number can
+     hold, but our data type is signed so 8192PB will be the maximum. */
 
   return max5;
 }
diff --git a/libs/libcurl/src/rand.c b/libs/libcurl/src/rand.c
index 2fe5db7b36..126fae9e29 100644
--- a/libs/libcurl/src/rand.c
+++ b/libs/libcurl/src/rand.c
@@ -30,6 +30,10 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
+#ifdef HAVE_ARC4RANDOM
+/* Some platforms might have the prototype missing (ubuntu + libressl) */
+uint32_t arc4random(void);
+#endif
 
 #include <curl/curl.h>
 #include "vtls/vtls.h"
@@ -143,6 +147,11 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
   }
 #endif
 
+#ifdef HAVE_ARC4RANDOM
+  *rnd = (unsigned int)arc4random();
+  return CURLE_OK;
+#endif
+
 #if defined(RANDOM_FILE) && !defined(WIN32)
   if(!seeded) {
     /* if there's a random file to read a seed from, use it */
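Review bot: The unconditional `return CURLE_OK;` inside `#ifdef HAVE_ARC4RANDOM` leaves the RANDOM_FILE seeding block that follows compiled but unreachable on those builds. Excluding it explicitly, e.g. `#if defined(RANDOM_FILE) && !defined(WIN32) && !defined(HAVE_ARC4RANDOM)`, makes it clear which random source a given build uses and avoids unreachable-code and unused-variable warnings. randit starts and ends outside this hunk, so any later fallback code in the function would need the same condition.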
diff --git a/libs/libcurl/src/rtsp.c b/libs/libcurl/src/rtsp.c
index 4604b456ba..9643261242 100644
--- a/libs/libcurl/src/rtsp.c
+++ b/libs/libcurl/src/rtsp.c
@@ -145,7 +145,8 @@ static unsigned int rtsp_conncheck(struct Curl_easy *data,
   (void)data;
 
   if(checks_to_perform & CONNCHECK_ISDEAD) {
-    if(!Curl_conn_is_alive(data, conn))
+    bool input_pending;
+    if(!Curl_conn_is_alive(data, conn, &input_pending))
       ret_val |= CONNRESULT_DEAD;
   }
 
@@ -755,12 +756,14 @@ CURLcode rtp_client_write(struct Curl_easy *data, char *ptr, size_t len)
 
 CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header)
 {
-  long CSeq = 0;
-
   if(checkprefix("CSeq:", header)) {
-    /* Store the received CSeq. Match is verified in rtsp_done */
-    int nc = sscanf(&header[4], ": %ld", &CSeq);
-    if(nc == 1) {
+    long CSeq = 0;
+    char *endp;
+    char *p = &header[5];
+    while(ISBLANK(*p))
+      p++;
+    CSeq = strtol(p, &endp, 10);
+    if(p != endp) {
       struct RTSP *rtsp = data->req.p.rtsp;
       rtsp->CSeq_recv = CSeq; /* mark the request */
       data->state.rtsp_CSeq_recv = CSeq; /* update the handle */
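Review bot: The server-supplied CSeq is accepted whenever `strtol` consumed at least one character, so a negative value or one that overflows `long` (returned clamped, with errno set to ERANGE) is stored as if it were a valid sequence number. Setting `errno = 0;` before the call and testing `if((p != endp) && (errno != ERANGE) && (CSeq >= 0))` would reject both. The commit also drops the comment saying the match is verified in rtsp_done; it is worth keeping above the assignment. Curl_rtsp_parseheader continues outside the hunk.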
diff --git a/libs/libcurl/src/select.c b/libs/libcurl/src/select.c
index 09f3497b18..278171a7ea 100644
--- a/libs/libcurl/src/select.c
+++ b/libs/libcurl/src/select.c
@@ -230,14 +230,14 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
   if(readfd0 != CURL_SOCKET_BAD) {
     if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
       r |= CURL_CSELECT_IN;
-    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+    if(pfd[num].revents & (POLLPRI|POLLNVAL))
       r |= CURL_CSELECT_ERR;
     num++;
   }
   if(readfd1 != CURL_SOCKET_BAD) {
     if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
       r |= CURL_CSELECT_IN2;
-    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+    if(pfd[num].revents & (POLLPRI|POLLNVAL))
       r |= CURL_CSELECT_ERR;
     num++;
   }
diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c
index 53e53ad6f5..906222d3b9 100644
--- a/libs/libcurl/src/setopt.c
+++ b/libs/libcurl/src/setopt.c
@@ -899,7 +899,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     case CURL_HTTP_VERSION_NONE:
 #ifdef USE_HTTP2
       /* TODO: this seems an undesirable quirk to force a behaviour on
-       * lower implementations that they should recognize independantly? */
+       * lower implementations that they should recognize independently? */
       arg = CURL_HTTP_VERSION_2TLS;
 #endif
       /* accepted */
@@ -2369,7 +2369,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     arg = va_arg(param, long);
     if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
       return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.use_ssl = (curl_usessl)arg;
+    data->set.use_ssl = (unsigned char)arg;
     break;
 
   case CURLOPT_SSL_OPTIONS:
@@ -2849,7 +2849,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.fnmatch = va_arg(param, curl_fnmatch_callback);
     break;
   case CURLOPT_CHUNK_DATA:
-    data->wildcard.customptr = va_arg(param, void *);
+    data->set.wildcardptr = va_arg(param, void *);
     break;
   case CURLOPT_FNMATCH_DATA:
     data->set.fnmatch_data = va_arg(param, void *);
diff --git a/libs/libcurl/src/sigpipe.h b/libs/libcurl/src/sigpipe.h
index 6736238e8c..3f325f1a3c 100644
--- a/libs/libcurl/src/sigpipe.h
+++ b/libs/libcurl/src/sigpipe.h
@@ -50,7 +50,6 @@ static void sigpipe_ignore(struct Curl_easy *data,
   if(!data->set.no_signal) {
     struct sigaction action;
     /* first, extract the existing situation */
-    memset(&ig->old_pipe_act, 0, sizeof(struct sigaction));
     sigaction(SIGPIPE, NULL, &ig->old_pipe_act);
     action = ig->old_pipe_act;
     /* ignore this signal */
diff --git a/libs/libcurl/src/smb.c b/libs/libcurl/src/smb.c
index d744044cb2..01553de971 100644
--- a/libs/libcurl/src/smb.c
+++ b/libs/libcurl/src/smb.c
@@ -25,8 +25,7 @@
 
 #include "curl_setup.h"
 
-#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) &&  \
-  (SIZEOF_CURL_OFF_T > 4)
+#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
 
 #define BUILDING_CURL_SMB_C
 
diff --git a/libs/libcurl/src/telnet.c b/libs/libcurl/src/telnet.c
index 0c674c8230..d22dc8c1f9 100644
--- a/libs/libcurl/src/telnet.c
+++ b/libs/libcurl/src/telnet.c
@@ -770,22 +770,32 @@ static void printsub(struct Curl_easy *data,
   }
 }
 
+static bool str_is_nonascii(const char *str)
+{
+  size_t len = strlen(str);
+  while(len--) {
+    if(*str & 0x80)
+      return TRUE;
+    str++;
+  }
+  return FALSE;
+}
+
 static CURLcode check_telnet_options(struct Curl_easy *data)
 {
   struct curl_slist *head;
   struct curl_slist *beg;
-  char option_keyword[128] = "";
-  char option_arg[256] = "";
   struct TELNET *tn = data->req.p.telnet;
-  struct connectdata *conn = data->conn;
   CURLcode result = CURLE_OK;
-  int binary_option;
 
   /* Add the user name as an environment variable if it
      was given on the command line */
   if(data->state.aptr.user) {
-    msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
-    beg = curl_slist_append(tn->telnet_vars, option_arg);
+    char buffer[256];
+    if(str_is_nonascii(data->conn->user))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    msnprintf(buffer, sizeof(buffer), "USER,%s", data->conn->user);
+    beg = curl_slist_append(tn->telnet_vars, buffer);
     if(!beg) {
       curl_slist_free_all(tn->telnet_vars);
       tn->telnet_vars = NULL;
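Review bot: A user name that does not fit in `buffer[256]` after the `USER,` prefix is cut short by `msnprintf` without any error, so a different USER value than the one configured is added to `telnet_vars`. A length check next to the new non-ASCII check would reject it in the same way, e.g. `if(strlen(data->conn->user) > sizeof(buffer) - sizeof("USER,")) return CURLE_BAD_FUNCTION_ARGUMENT;`. `str_is_nonascii` also has no comment saying why bytes with the high bit set are refused in telnet options; one line above the function would help. check_telnet_options continues in the next hunk.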
@@ -795,68 +805,100 @@ static CURLcode check_telnet_options(struct Curl_easy *data)
     tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
   }
 
-  for(head = data->set.telnet_options; head; head = head->next) {
-    if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
-              option_keyword, option_arg) == 2) {
-
-      /* Terminal type */
-      if(strcasecompare(option_keyword, "TTYPE")) {
-        strncpy(tn->subopt_ttype, option_arg, 31);
-        tn->subopt_ttype[31] = 0; /* String termination */
-        tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
+  for(head = data->set.telnet_options; head && !result; head = head->next) {
+    size_t olen;
+    char *option = head->data;
+    char *arg;
+    char *sep = strchr(option, '=');
+    if(sep) {
+      olen = sep - option;
+      arg = ++sep;
+      if(str_is_nonascii(arg))
         continue;
-      }
+      switch(olen) {
+      case 5:
+        /* Terminal type */
+        if(strncasecompare(option, "TTYPE", 5)) {
+          strncpy(tn->subopt_ttype, arg, 31);
+          tn->subopt_ttype[31] = 0; /* String termination */
+          tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
+        }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* Display variable */
-      if(strcasecompare(option_keyword, "XDISPLOC")) {
-        strncpy(tn->subopt_xdisploc, option_arg, 127);
-        tn->subopt_xdisploc[127] = 0; /* String termination */
-        tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
-        continue;
-      }
+      case 8:
+        /* Display variable */
+        if(strncasecompare(option, "XDISPLOC", 8)) {
+          strncpy(tn->subopt_xdisploc, arg, 127);
+          tn->subopt_xdisploc[127] = 0; /* String termination */
+          tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
+        }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* Environment variable */
-      if(strcasecompare(option_keyword, "NEW_ENV")) {
-        beg = curl_slist_append(tn->telnet_vars, option_arg);
-        if(!beg) {
-          result = CURLE_OUT_OF_MEMORY;
-          break;
+      case 7:
+        /* Environment variable */
+        if(strncasecompare(option, "NEW_ENV", 7)) {
+          beg = curl_slist_append(tn->telnet_vars, arg);
+          if(!beg) {
+            result = CURLE_OUT_OF_MEMORY;
+            break;
+          }
+          tn->telnet_vars = beg;
+          tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
         }
-        tn->telnet_vars = beg;
-        tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
-        continue;
-      }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* Window Size */
-      if(strcasecompare(option_keyword, "WS")) {
-        if(sscanf(option_arg, "%hu%*[xX]%hu",
-                  &tn->subopt_wsx, &tn->subopt_wsy) == 2)
-          tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES;
-        else {
-          failf(data, "Syntax error in telnet option: %s", head->data);
-          result = CURLE_SETOPT_OPTION_SYNTAX;
-          break;
+      case 2:
+        /* Window Size */
+        if(strncasecompare(option, "WS", 2)) {
+          char *p;
+          unsigned long x = strtoul(arg, &p, 10);
+          unsigned long y = 0;
+          if(x && (x <= 0xffff) && Curl_raw_tolower(*p) == 'x') {
+            p++;
+            y = strtoul(p, NULL, 10);
+            if(y && (y <= 0xffff)) {
+              tn->subopt_wsx = (unsigned short)x;
+              tn->subopt_wsy = (unsigned short)y;
+              tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES;
+            }
+          }
+          if(!y) {
+            failf(data, "Syntax error in telnet option: %s", head->data);
+            result = CURLE_SETOPT_OPTION_SYNTAX;
+          }
         }
-        continue;
-      }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* To take care or not of the 8th bit in data exchange */
-      if(strcasecompare(option_keyword, "BINARY")) {
-        binary_option = atoi(option_arg);
-        if(binary_option != 1) {
-          tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO;
-          tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+      case 6:
+        /* To take care or not of the 8th bit in data exchange */
+        if(strncasecompare(option, "BINARY", 6)) {
+          int binary_option = atoi(arg);
+          if(binary_option != 1) {
+            tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+            tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+          }
         }
-        continue;
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
+      default:
+        failf(data, "Unknown telnet option %s", head->data);
+        result = CURLE_UNKNOWN_OPTION;
+        break;
       }
-
-      failf(data, "Unknown telnet option %s", head->data);
-      result = CURLE_UNKNOWN_OPTION;
-      break;
     }
-    failf(data, "Syntax error in telnet option: %s", head->data);
-    result = CURLE_SETOPT_OPTION_SYNTAX;
-    break;
+    else {
+      failf(data, "Syntax error in telnet option: %s", head->data);
+      result = CURLE_SETOPT_OPTION_SYNTAX;
+    }
   }
 
   if(result) {
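Review bot: An option whose argument contains a byte with the high bit set is dropped by a bare `continue`, with no `failf` and `result` left at `CURLE_OK`, while the same condition on the user name in the previous hunk fails with `CURLE_BAD_FUNCTION_ARGUMENT`. The caller cannot tell that an option was ignored; `if(str_is_nonascii(arg)) { failf(data, "Syntax error in telnet option: %s", head->data); result = CURLE_SETOPT_OPTION_SYNTAX; continue; }` would report it, or a comment should say the silent skip is intended. In the `WS` case a height above 0xffff is also passed over silently, because only `!y` is tested afterwards: the size is not stored and no error is raised. The length-matched `else` branches set `CURLE_UNKNOWN_OPTION` without the `failf` message that the `default` case emits.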
@@ -881,8 +923,6 @@ static void suboption(struct Curl_easy *data)
   ssize_t bytes_written;
   size_t len;
   int err;
-  char varname[128] = "";
-  char varval[128] = "";
   struct TELNET *tn = data->req.p.telnet;
   struct connectdata *conn = data->conn;
 
@@ -920,19 +960,18 @@ static void suboption(struct Curl_easy *data)
 
       for(v = tn->telnet_vars; v; v = v->next) {
         size_t tmplen = (strlen(v->data) + 1);
-        /* Add the variable only if it fits */
+        /* Add the variable if it fits */
         if(len + tmplen < (int)sizeof(temp)-6) {
-          int rv;
-          char sep[2] = "";
-          varval[0] = 0;
-          rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
-          if(rv == 1)
+          char *s = strchr(v->data, ',');
+          if(!s)
             len += msnprintf((char *)&temp[len], sizeof(temp) - len,
-                             "%c%s", CURL_NEW_ENV_VAR, varname);
-          else if(rv >= 2)
+                             "%c%s", CURL_NEW_ENV_VAR, v->data);
+          else {
+            size_t vlen = s - v->data;
             len += msnprintf((char *)&temp[len], sizeof(temp) - len,
-                             "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
-                             CURL_NEW_ENV_VALUE, varval);
+                             "%c%.*s%c%s", CURL_NEW_ENV_VAR,
+                             (int)vlen, v->data, CURL_NEW_ENV_VALUE, ++s);
+          }
         }
       }
       msnprintf((char *)&temp[len], sizeof(temp) - len,
diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c
index 6d0ed31e52..d0750c46f7 100644
--- a/libs/libcurl/src/transfer.c
+++ b/libs/libcurl/src/transfer.c
@@ -980,7 +980,15 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
     if(result)
       return result;
 
-    win_update_buffer_size(conn->writesockfd);
+#if defined(WIN32) && defined(USE_WINSOCK)
+    {
+      struct curltime n = Curl_now();
+      if(Curl_timediff(n, k->last_sndbuf_update) > 1000) {
+        win_update_buffer_size(conn->writesockfd);
+        k->last_sndbuf_update = n;
+      }
+    }
+#endif
 
     if(k->pendingheader) {
       /* parts of what was sent was header */
@@ -1226,8 +1234,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
   }
 
   /* Now update the "done" boolean we return */
-  *done = (0 == (k->keepon&(KEEP_RECV|KEEP_SEND|
-                            KEEP_RECV_PAUSE|KEEP_SEND_PAUSE))) ? TRUE : FALSE;
+  *done = (0 == (k->keepon&(KEEP_RECVBITS|KEEP_SENDBITS))) ? TRUE : FALSE;
   result = CURLE_OK;
 out:
   if(result)
@@ -1394,7 +1401,13 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
 #ifndef CURL_DISABLE_FTP
     data->state.wildcardmatch = data->set.wildcard_enabled;
     if(data->state.wildcardmatch) {
-      struct WildcardData *wc = &data->wildcard;
+      struct WildcardData *wc;
+      if(!data->wildcard) {
+        data->wildcard = calloc(1, sizeof(struct WildcardData));
+        if(!data->wildcard)
+          return CURLE_OUT_OF_MEMORY;
+      }
+      wc = data->wildcard;
       if(wc->state < CURLWC_INIT) {
         result = Curl_wildcard_init(wc); /* init wildcard structures */
         if(result)
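Review bot: `data->wildcard` is now heap-allocated on first use here, but no release is visible in this hunk or in the Curl_close and Curl_freeset hunks of url.c shown in this part of the patch; presumably it is freed elsewhere in the commit, which is worth confirming so the handle does not leak it. Every other reader of `data->wildcard` must now also cope with a NULL pointer when wildcard matching was never enabled. As a style point, `calloc(1, sizeof(*data->wildcard))` ties the size to the pointer's type. Curl_pretransfer continues outside the hunk.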
diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c
index 3a81266424..48616be963 100644
--- a/libs/libcurl/src/url.c
+++ b/libs/libcurl/src/url.c
@@ -288,33 +288,6 @@ static const struct Curl_handler * const protocols[] = {
   (struct Curl_handler *) NULL
 };
 
-/*
- * Dummy handler for undefined protocol schemes.
- */
-
-static const struct Curl_handler Curl_handler_dummy = {
-  "<no protocol>",                      /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  ZERO_NULL,                            /* do_it */
-  ZERO_NULL,                            /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  ZERO_NULL,                            /* proto_getsock */
-  ZERO_NULL,                            /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  ZERO_NULL,                            /* perform_getsock */
-  ZERO_NULL,                            /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  ZERO_NULL,                            /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  0,                                    /* defport */
-  0,                                    /* protocol */
-  0,                                    /* family */
-  PROTOPT_NONE                          /* flags */
-};
-
 void Curl_freeset(struct Curl_easy *data)
 {
   /* Free all dynamic strings stored in the data->set substructure. */
@@ -341,6 +314,11 @@ void Curl_freeset(struct Curl_easy *data)
   data->state.url = NULL;
 
   Curl_mime_cleanpart(&data->set.mimepost);
+
+#ifndef CURL_DISABLE_COOKIES
+  curl_slist_free_all(data->set.cookielist);
+  data->set.cookielist = NULL;
+#endif
 }
 
 /* free the URL pieces */
@@ -431,9 +409,6 @@ CURLcode Curl_close(struct Curl_easy **datap)
   Curl_dyn_free(&data->state.headerb);
   Curl_safefree(data->state.ulbuf);
   Curl_flush_cookies(data, TRUE);
-#ifndef CURL_DISABLE_COOKIES
-  curl_slist_free_all(data->set.cookielist); /* clean up list */
-#endif
   Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]);
   Curl_altsvc_cleanup(&data->asi);
   Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]);
@@ -752,8 +727,6 @@ static void conn_free(struct Curl_easy *data, struct connectdata *conn)
   Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
   Curl_safefree(conn->hostname_resolve);
   Curl_safefree(conn->secondaryhostname);
-
-  Curl_llist_destroy(&conn->easyq, NULL);
   Curl_safefree(conn->localdev);
   Curl_free_primary_ssl_config(&conn->ssl_config);
 
@@ -823,7 +796,7 @@ void Curl_disconnect(struct Curl_easy *data,
      disconnect and shutdown */
   Curl_attach_connection(data, conn);
 
-  if(conn->handler->disconnect)
+  if(conn->handler && conn->handler->disconnect)
     /* This is set if protocol-specific cleanups should be made */
     conn->handler->disconnect(data, conn, dead_connection);
 
@@ -965,7 +938,20 @@ static bool extract_if_dead(struct connectdata *conn,
 
     }
     else {
-      dead = !Curl_conn_is_alive(data, conn);
+      bool input_pending;
+
+      dead = !Curl_conn_is_alive(data, conn, &input_pending);
+      if(input_pending) {
+        /* For reuse, we want a "clean" connection state. The includes
+         * that we expect - in general - no waiting input data. Input
+         * waiting might be a TLS Notify Close, for example. We reject
+         * that.
+         * For protocols where data from other other end may arrive at
+         * any time (HTTP/2 PING for example), the protocol handler needs
+         * to install its own `connection_check` callback.
+         */
+        dead = TRUE;
+      }
     }
 
     if(dead) {
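Review bot: `input_pending` is read right after the call without having been initialised, so the test is only well defined if `Curl_conn_is_alive` writes the out-parameter on every return path, which this hunk does not show. Declaring it as `bool input_pending = FALSE;` removes that dependency; the same declaration in rtsp_conncheck (rtsp.c) could be changed alongside, although the value is not read there. The added comment has two slips, "The includes" for "This includes" and "other other end". extract_if_dead starts and ends outside the hunk.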
@@ -1170,14 +1156,14 @@ ConnectionExists(struct Curl_easy *data,
             continue;
           }
         }
+      }
 
-        if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
-          foundPendingCandidate = TRUE;
-          /* Don't pick a connection that hasn't connected yet */
-          infof(data, "Connection #%ld isn't open enough, can't reuse",
-                check->connection_id);
-          continue;
-        }
+      if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
+        foundPendingCandidate = TRUE;
+        /* Don't pick a connection that hasn't connected yet */
+        infof(data, "Connection #%ld isn't open enough, can't reuse",
+              check->connection_id);
+        continue;
       }
 
 #ifdef USE_UNIX_SOCKETS
@@ -1291,6 +1277,11 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
+      /* GSS delegation differences do not actually affect every connection
+         and auth method, but this check takes precaution before efficiency */
+      if(needle->gssapi_delegation != check->gssapi_delegation)
+        continue;
+
       /* If multiplexing isn't enabled on the h2 connection and h1 is
          explicitly requested, handle it: */
       if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
@@ -1299,11 +1290,24 @@ ConnectionExists(struct Curl_easy *data,
           || ((check->httpversion >= 30) &&
            (data->state.httpwant < CURL_HTTP_VERSION_3))))
         continue;
-
-      if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+#ifdef USE_SSH
+      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
         if(!ssh_config_matches(needle, check))
           continue;
       }
+#endif
+#ifndef CURL_DISABLE_FTP
+      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
+        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
+        if(Curl_timestrcmp(needle->proto.ftpc.account,
+                           check->proto.ftpc.account) ||
+           Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
+                           check->proto.ftpc.alternative_to_user) ||
+           (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
+           (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
+          continue;
+      }
+#endif
 
       if((needle->handler->flags&PROTOPT_SSL)
 #ifndef CURL_DISABLE_PROXY
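Review bot: The SSH and FTP checks hang as `else if` off the braceless HTTP-version `if`, each inside its own `#ifdef`, so the shape of the chain changes with the build configuration. Since the HTTP branch ends in `continue`, the `else` adds nothing; plain `if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {` statements inside the `#ifdef` blocks would read the same in every configuration. The FTP comparison passes `proto.ftpc.account` and `proto.ftpc.alternative_to_user` to `Curl_timestrcmp`; presumably that helper accepts NULL for options that were never set, which is worth confirming since it is not visible here. ConnectionExists starts and ends outside the hunk.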
@@ -1494,10 +1498,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   if(!conn)
     return NULL;
 
-  conn->handler = &Curl_handler_dummy;  /* Be sure we have a handler defined
-                                           already from start to avoid NULL
-                                           situations and checks */
-
   /* and we setup a few fields in case we end up actually using this struct */
 
   conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD;     /* no file descriptor */
@@ -1589,11 +1589,11 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->fclosesocket = data->set.fclosesocket;
   conn->closesocket_client = data->set.closesocket_client;
   conn->lastused = Curl_now(); /* used now */
+  conn->gssapi_delegation = data->set.gssapi_delegation;
 
   return conn;
   error:
 
-  Curl_llist_destroy(&conn->easyq, NULL);
   free(conn->localdev);
   free(conn);
   return NULL;
diff --git a/libs/libcurl/src/urlapi.c b/libs/libcurl/src/urlapi.c
index 94266c1f4f..780a26747a 100644
--- a/libs/libcurl/src/urlapi.c
+++ b/libs/libcurl/src/urlapi.c
@@ -57,6 +57,15 @@
 /* scheme is not URL encoded, the longest libcurl supported ones are... */
 #define MAX_SCHEME_LEN 40
 
+/*
+ * If ENABLE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
+ * sure we have _some_ value for AF_INET6 without polluting our fake value
+ * everywhere.
+ */
+#if !defined(ENABLE_IPV6) && !defined(AF_INET6)
+#define AF_INET6 (AF_INET + 1)
+#endif
+
 /* Internal representation of CURLU. Point to URL-encoded strings. */
 struct Curl_URL {
   char *scheme;
@@ -599,7 +608,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
         return CURLUE_BAD_IPV6;
       /* hostname is fine */
     }
-#ifdef ENABLE_IPV6
+
+    /* Check the IPv6 address. */
     {
       char dest[16]; /* fits a binary IPv6 address */
       char norm[MAX_IPADR_LEN];
@@ -616,11 +626,10 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
       }
       hostname[hlen] = ']'; /* restore ending bracket */
     }
-#endif
   }
   else {
     /* letters from the second string are not ok */
-    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()");
+    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()%");
     if(hlen != len)
       /* hostname with bad content */
       return CURLUE_BAD_HOSTNAME;
@@ -1341,7 +1350,7 @@ void curl_url_cleanup(CURLU *u)
     }                                           \
   } while(0)
 
-CURLU *curl_url_dup(CURLU *in)
+CURLU *curl_url_dup(const CURLU *in)
 {
   struct Curl_URL *u = calloc(sizeof(struct Curl_URL), 1);
   if(u) {
@@ -1362,10 +1371,10 @@ CURLU *curl_url_dup(CURLU *in)
   return NULL;
 }
 
-CURLUcode curl_url_get(CURLU *u, CURLUPart what,
+CURLUcode curl_url_get(const CURLU *u, CURLUPart what,
                        char **part, unsigned int flags)
 {
-  char *ptr;
+  const char *ptr;
   CURLUcode ifmissing = CURLUE_UNKNOWN_PART;
   char portbuf[7];
   bool urldecode = (flags & CURLU_URLDECODE)?1:0;
@@ -1432,11 +1441,8 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
     break;
   case CURLUPART_PATH:
     ptr = u->path;
-    if(!ptr) {
-      ptr = u->path = strdup("/");
-      if(!u->path)
-        return CURLUE_OUT_OF_MEMORY;
-    }
+    if(!ptr)
+      ptr = "/";
     break;
   case CURLUPART_QUERY:
     ptr = u->query;
@@ -1546,8 +1552,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
               return CURLUE_OUT_OF_MEMORY;
             host++;
           }
-          free(u->host);
-          u->host = Curl_dyn_ptr(&enc);
+          allochost = Curl_dyn_ptr(&enc);
         }
       }
 
diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h
index c1efd65a8b..0905e1bc51 100644
--- a/libs/libcurl/src/urldata.h
+++ b/libs/libcurl/src/urldata.h
@@ -168,7 +168,7 @@ typedef CURLcode (*Curl_datastream)(struct Curl_easy *data,
 #include "rtsp.h"
 #include "smb.h"
 #include "mqtt.h"
-#include "wildcard.h"
+#include "ftplistparser.h"
 #include "multihandle.h"
 #include "c-hyper.h"
 #include "cf-socket.h"
@@ -686,6 +686,10 @@ struct SingleRequest {
   } p;
 #ifndef CURL_DISABLE_DOH
   struct dohdata *doh; /* DoH specific data for this request */
+#endif
+#if defined(WIN32) && defined(USE_WINSOCK)
+  struct curltime last_sndbuf_update;  /* last time readwrite_upload called
+                                          win_update_buffer_size */
 #endif
   unsigned char setcookies;
   unsigned char writer_stack_depth; /* Unencoding stack depth. */
@@ -1057,6 +1061,7 @@ struct connectdata {
   unsigned char ip_version; /* copied from the Curl_easy at creation time */
   unsigned char httpversion; /* the HTTP version*10 reported by the server */
   unsigned char connect_only;
+  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
 };
 
 /* The end of connectdata. */
@@ -1374,7 +1379,7 @@ struct UrlState {
   struct dynbuf trailers_buf; /* a buffer containing the compiled trailing
                                  headers */
   struct Curl_llist httphdrs; /* received headers */
-  struct curl_header headerout; /* for external purposes */
+  struct curl_header headerout[2]; /* for external purposes */
   struct Curl_header_store *prevhead; /* the latest added header */
   trailers_state trailers_state; /* whether we are sending trailers
                                     and what stage are we at */
@@ -1713,8 +1718,6 @@ struct UserDefined {
 #ifndef CURL_DISABLE_NETRC
   unsigned char use_netrc;        /* enum CURL_NETRC_OPTION values  */
 #endif
-  curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
-                            IMAP or POP3 or others! */
   unsigned int new_file_perms;      /* when creating remote files */
   char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
   struct curl_blob *blobs[BLOB_LAST];
@@ -1739,6 +1742,7 @@ struct UserDefined {
   curl_fnmatch_callback fnmatch; /* callback to decide which file corresponds
                                     to pattern (e.g. if WILDCARDMATCH is on) */
   void *fnmatch_data;
+  void *wildcardptr;
 #endif
  /* GSS-API credential delegation, see the documentation of
     CURLOPT_GSSAPI_DELEGATION */
@@ -1773,6 +1777,8 @@ struct UserDefined {
   BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
                                 recipients */
 #endif
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                              IMAP or POP3 or others! (type: curl_usessl)*/
   unsigned char connect_only; /* make connection/request, then let
                                  application use the socket */
   BIT(is_fread_set); /* has read callback been set to non-NULL? */
@@ -1934,7 +1940,7 @@ struct Curl_easy {
   struct UrlState state;       /* struct for fields used for state info and
                                   other dynamic purposes */
 #ifndef CURL_DISABLE_FTP
-  struct WildcardData wildcard; /* wildcard download state info */
+  struct WildcardData *wildcard; /* wildcard download state info */
 #endif
   struct PureInfo info;        /* stats, reports and info data */
   struct curl_tlssessioninfo tsi; /* Information about the TLS session, only
diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c
index 62b8f09aa4..c43e69fc3c 100644
--- a/libs/libcurl/src/version.c
+++ b/libs/libcurl/src/version.c
@@ -62,7 +62,15 @@
 #endif
 
 #ifdef HAVE_BROTLI
+#if defined(__GNUC__)
+/* Ignore -Wvla warnings in brotli headers */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
 #include <brotli/decode.h>
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
 #endif
 
 #ifdef HAVE_ZSTD
@@ -357,8 +365,7 @@ static const char * const protocols[] = {
 #ifdef USE_SSH
   "sftp",
 #endif
-#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \
-   (SIZEOF_CURL_OFF_T > 4)
+#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
   "smb",
 #  ifdef USE_SSL
   "smbs",
diff --git a/libs/libcurl/src/vquic/curl_msh3.c b/libs/libcurl/src/vquic/curl_msh3.c
index 1b400ab5b9..94c0f829cb 100644
--- a/libs/libcurl/src/vquic/curl_msh3.c
+++ b/libs/libcurl/src/vquic/curl_msh3.c
@@ -548,7 +548,6 @@ static CURLcode cf_msh3_data_event(struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    int event, int arg1, void *arg2)
 {
-  struct cf_msh3_ctx *ctx = cf->ctx;
   struct HTTP *stream = data->req.p.http;
   CURLcode result = CURLE_OK;
 
@@ -579,11 +578,6 @@ static CURLcode cf_msh3_data_event(struct Curl_cfilter *cf,
     DEBUGF(LOG_CF(data, cf, "req: update info"));
     cf_msh3_active(cf, data);
     break;
-  case CF_CTRL_CONN_REPORT_STATS:
-    if(cf->sockindex == FIRSTSOCKET)
-      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, ctx->handshake_at);
-    break;
-
   default:
     break;
   }
@@ -753,6 +747,19 @@ static CURLcode cf_msh3_query(struct Curl_cfilter *cf,
     *pres1 = 100;
     return CURLE_OK;
   }
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    /* we do not know when the first byte arrived */
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
   default:
     break;
   }
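Review bot: Both new timer cases in cf_msh3_query return CURLE_OK without writing `*when` while `cf->connected` is false, and they write through `pres2` with no NULL check, so the caller has to pass a valid, pre-initialised `struct curltime`. A one-line comment would make that contract explicit, for example `/* *when is left untouched until the handshake has completed */`. The CF_QUERY_TIMER_* cases added to cf_ngtcp2_query and cf_quiche_query follow the same pattern and would benefit from the same comment. The body of cf_msh3_query starts outside this hunk.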
@@ -762,11 +769,13 @@ static CURLcode cf_msh3_query(struct Curl_cfilter *cf,
 }
 
 static bool cf_msh3_conn_is_alive(struct Curl_cfilter *cf,
-                                  struct Curl_easy *data)
+                                  struct Curl_easy *data,
+                                  bool *input_pending)
 {
   struct cf_msh3_ctx *ctx = cf->ctx;
 
   (void)data;
+  *input_pending = FALSE;
   return ctx && ctx->sock[SP_LOCAL] != CURL_SOCKET_BAD && ctx->qconn &&
          ctx->connected;
 }
diff --git a/libs/libcurl/src/vquic/curl_ngtcp2.c b/libs/libcurl/src/vquic/curl_ngtcp2.c
index f42e220783..73d2ca5e5e 100644
--- a/libs/libcurl/src/vquic/curl_ngtcp2.c
+++ b/libs/libcurl/src/vquic/curl_ngtcp2.c
@@ -64,6 +64,8 @@
 #include "vtls/vtls.h"
 #include "curl_ngtcp2.h"
 
+#include "warnless.h"
+
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
@@ -901,7 +903,7 @@ static int cf_ngtcp2_get_select_socks(struct Curl_cfilter *cf,
   rv |= GETSOCK_READSOCK(0);
 
   /* we're still uploading or the HTTP/2 layer wants to send data */
-  if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND &&
+  if((k->keepon & KEEP_SENDBITS) == KEEP_SEND &&
      (!stream->h3out || stream->h3out->used < H3_SEND_SIZE) &&
      ngtcp2_conn_get_cwnd_left(ctx->qconn) &&
      ngtcp2_conn_get_max_data_left(ctx->qconn) &&
@@ -951,7 +953,7 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
 }
 
 /*
- * write_resp_raw() copies resonse data in raw format to the `data`'s
+ * write_resp_raw() copies response data in raw format to the `data`'s
   * receive buffer. If not enough space is available, it appends to the
  * `data`'s overflow buffer.
  */
@@ -1762,7 +1764,7 @@ static CURLcode cf_process_ingress(struct Curl_cfilter *cf,
   ssize_t recvd;
   int rv;
   uint8_t buf[65536];
-  size_t bufsize = sizeof(buf);
+  int bufsize = (int)sizeof(buf);
   size_t pktcount = 0, total_recvd = 0;
   struct sockaddr_storage remote_addr;
   socklen_t remote_addrlen;
@@ -2107,13 +2109,6 @@ static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf,
       }
     }
     break;
-  case CF_CTRL_CONN_REPORT_STATS:
-    if(cf->sockindex == FIRSTSOCKET) {
-      if(ctx->got_first_byte)
-        Curl_pgrsTimeWas(data, TIMER_CONNECT, ctx->first_byte_at);
-      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, ctx->handshake_at);
-    }
-    break;
   default:
     break;
   }
@@ -2127,7 +2122,6 @@ static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx)
 
   if(ctx->qlogfd != -1) {
     close(ctx->qlogfd);
-    ctx->qlogfd = -1;
   }
 #ifdef USE_OPENSSL
   if(ctx->ssl)
@@ -2155,6 +2149,7 @@ static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx)
     ngtcp2_conn_del(ctx->qconn);
 
   memset(ctx, 0, sizeof(*ctx));
+  ctx->qlogfd = -1;
   ctx->call_data = save;
 }
 
@@ -2176,7 +2171,7 @@ static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data)
                                             (uint8_t *)buffer, sizeof(buffer),
                                             &ctx->last_error, ts);
     if(rc > 0) {
-      while((send(ctx->q.sockfd, buffer, rc, 0) == -1) &&
+      while((send(ctx->q.sockfd, buffer, (SEND_TYPE_ARG3)rc, 0) == -1) &&
             SOCKERRNO == EINTR);
     }
 
@@ -2200,6 +2195,7 @@ static void cf_ngtcp2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
   }
   cf->ctx = NULL;
   /* No CF_DATA_RESTORE(cf, save) possible */
+  (void)save;
 }
 
 /*
@@ -2428,6 +2424,18 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf,
     else
       *pres1 = -1;
     return CURLE_OK;
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    if(ctx->got_first_byte)
+      *when = ctx->first_byte_at;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
   default:
     break;
   }
@@ -2436,6 +2444,32 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf,
     CURLE_UNKNOWN_OPTION;
 }
 
+static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    bool *input_pending)
+{
+  bool alive = TRUE;
+
+  *input_pending = FALSE;
+  if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
+    return FALSE;
+
+  if(*input_pending) {
+    /* This happens before we've sent off a request and the connection is
+       not in use by any other transfer, there shouldn't be any data here,
+       only "protocol frames" */
+    *input_pending = FALSE;
+    Curl_attach_connection(data, cf->conn);
+    if(cf_process_ingress(cf, data))
+      alive = FALSE;
+    else {
+      alive = TRUE;
+    }
+    Curl_detach_connection(data);
+  }
+
+  return alive;
+}
 
 struct Curl_cftype Curl_cft_http3 = {
   "HTTP/3",
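Review bot: cf_ngtcp2_conn_is_alive has no header comment, and it resets `*input_pending` to FALSE after the lower filter reported pending input, so callers never learn that bytes were waiting. That looks intended, since the pending bytes are consumed by cf_process_ingress right here, but it should be stated, e.g. `/* pending input is processed here; *input_pending is always FALSE on return */`. The `else { alive = TRUE; }` branch is redundant because `alive` is initialised to TRUE. cf_quiche_conn_is_alive in curl_quiche.c is a line-for-line copy and deserves the same comment.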
@@ -2450,7 +2484,7 @@ struct Curl_cftype Curl_cft_http3 = {
   cf_ngtcp2_send,
   cf_ngtcp2_recv,
   cf_ngtcp2_data_event,
-  Curl_cf_def_conn_is_alive,
+  cf_ngtcp2_conn_is_alive,
   Curl_cf_def_conn_keep_alive,
   cf_ngtcp2_query,
 };
@@ -2470,6 +2504,7 @@ CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf,
     result = CURLE_OUT_OF_MEMORY;
     goto out;
   }
+  ctx->qlogfd = -1;
   cf_ngtcp2_ctx_clear(ctx);
 
   result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
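Review bot: The `ctx->qlogfd = -1;` placed before the first cf_ngtcp2_ctx_clear call has no comment saying why the order matters. A freshly allocated context presumably has the field at 0, which is a valid descriptor, and cf_ngtcp2_ctx_clear closes anything that is not -1, so without this line the first clear would close descriptor 0. I would add `/* 0 is a valid fd; mark the qlog descriptor unused before the first clear */` here. The `ctx->qlogfd = -1;` that the earlier hunk adds after the `memset()` in cf_ngtcp2_ctx_clear needs a similar comment. The allocation itself is above this hunk.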
diff --git a/libs/libcurl/src/vquic/curl_quiche.c b/libs/libcurl/src/vquic/curl_quiche.c
index 14f48b5c07..90f98a69d1 100644
--- a/libs/libcurl/src/vquic/curl_quiche.c
+++ b/libs/libcurl/src/vquic/curl_quiche.c
@@ -444,7 +444,7 @@ static CURLcode cf_process_ingress(struct Curl_cfilter *cf,
   struct cf_quiche_ctx *ctx = cf->ctx;
   int64_t stream3_id = data->req.p.http? data->req.p.http->stream3_id : -1;
   uint8_t buf[65536];
-  size_t bufsize = sizeof(buf);
+  int bufsize = (int)sizeof(buf);
   struct sockaddr_storage remote_addr;
   socklen_t remote_addrlen;
   quiche_recv_info recv_info;
@@ -950,7 +950,7 @@ static int cf_quiche_get_select_socks(struct Curl_cfilter *cf,
   rv |= GETSOCK_READSOCK(0);
 
   /* we're still uploading or the HTTP/3 layer wants to send data */
-  if(((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND)
+  if(((k->keepon & KEEP_SENDBITS) == KEEP_SEND)
      && stream_is_writeable(cf, data))
     rv |= GETSOCK_WRITESOCK(0);
 
@@ -1016,13 +1016,6 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf,
   case CF_CTRL_DATA_IDLE:
     /* anything to do? */
     break;
-  case CF_CTRL_CONN_REPORT_STATS:
-    if(cf->sockindex == FIRSTSOCKET) {
-      if(ctx->got_first_byte)
-        Curl_pgrsTimeWas(data, TIMER_CONNECT, ctx->first_byte_at);
-      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, ctx->handshake_at);
-    }
-    break;
   default:
     break;
   }
@@ -1346,6 +1339,18 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf,
     else
       *pres1 = -1;
     return CURLE_OK;
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    if(ctx->got_first_byte)
+      *when = ctx->first_byte_at;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
   default:
     break;
   }
@@ -1354,6 +1359,32 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf,
     CURLE_UNKNOWN_OPTION;
 }
 
+static bool cf_quiche_conn_is_alive(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    bool *input_pending)
+{
+  bool alive = TRUE;
+
+  *input_pending = FALSE;
+  if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
+    return FALSE;
+
+  if(*input_pending) {
+    /* This happens before we've sent off a request and the connection is
+       not in use by any other transfer, there shouldn't be any data here,
+       only "protocol frames" */
+    *input_pending = FALSE;
+    Curl_attach_connection(data, cf->conn);
+    if(cf_process_ingress(cf, data))
+      alive = FALSE;
+    else {
+      alive = TRUE;
+    }
+    Curl_detach_connection(data);
+  }
+
+  return alive;
+}
 
 struct Curl_cftype Curl_cft_http3 = {
   "HTTP/3",
@@ -1368,7 +1399,7 @@ struct Curl_cftype Curl_cft_http3 = {
   cf_quiche_send,
   cf_quiche_recv,
   cf_quiche_data_event,
-  Curl_cf_def_conn_is_alive,
+  cf_quiche_conn_is_alive,
   Curl_cf_def_conn_keep_alive,
   cf_quiche_query,
 };
diff --git a/libs/libcurl/src/vquic/vquic.c b/libs/libcurl/src/vquic/vquic.c
index ae5dc09e60..be9e151669 100644
--- a/libs/libcurl/src/vquic/vquic.c
+++ b/libs/libcurl/src/vquic/vquic.c
@@ -167,7 +167,8 @@ static CURLcode do_sendmsg(struct Curl_cfilter *cf,
 
   *psent = 0;
 
-  while((sent = send(qctx->sockfd, (const char *)pkt, pktlen, 0)) == -1 &&
+  while((sent = send(qctx->sockfd,
+                     (const char *)pkt, (SEND_TYPE_ARG3)pktlen, 0)) == -1 &&
         SOCKERRNO == EINTR)
     ;
 
@@ -363,6 +364,10 @@ bool Curl_conn_is_http3(const struct Curl_easy *data,
 CURLcode Curl_conn_may_http3(struct Curl_easy *data,
                              const struct connectdata *conn)
 {
+  if(conn->transport == TRNSPRT_UNIX) {
+    /* cannot do QUIC over a unix domain socket */
+    return CURLE_QUIC_CONNECT_ERROR;
+  }
   if(!(conn->handler->flags & PROTOPT_SSL)) {
     failf(data, "HTTP/3 requested for non-HTTPS URL");
     return CURLE_URL_MALFORMAT;
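Review bot: The new TRNSPRT_UNIX branch in Curl_conn_may_http3 returns CURLE_QUIC_CONNECT_ERROR without a failf() message, while the check right below it reports its reason. I would add `failf(data, "HTTP/3 cannot be used over a unix domain socket");` before the return so the error buffer explains the refusal. The rest of the function lies outside this hunk.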
diff --git a/libs/libcurl/src/vssh/libssh.c b/libs/libcurl/src/vssh/libssh.c
index 50e225f806..3fdec459d9 100644
--- a/libs/libcurl/src/vssh/libssh.c
+++ b/libs/libcurl/src/vssh/libssh.c
@@ -685,7 +685,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
   struct ssh_conn *sshc = &conn->proto.sshc;
   curl_socket_t sock = conn->sock[FIRSTSOCKET];
   int rc = SSH_NO_ERROR, err;
-  char *new_readdir_line;
   int seekerr = CURL_SEEKFUNC_OK;
   const char *err_msg;
   *block = 0;                   /* we're not blocking by default */
@@ -1432,7 +1431,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
       break;
 
     case SSH_SFTP_READDIR:
-
+      Curl_dyn_reset(&sshc->readdir_buf);
       if(sshc->readdir_attrs)
         sftp_attributes_free(sshc->readdir_attrs);
 
@@ -1468,17 +1467,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
                      sshc->readdir_len);
         }
         else {
-          sshc->readdir_currLen = strlen(sshc->readdir_longentry);
-          sshc->readdir_totalLen = 80 + sshc->readdir_currLen;
-          sshc->readdir_line = calloc(sshc->readdir_totalLen, 1);
-          if(!sshc->readdir_line) {
-            state(data, SSH_SFTP_CLOSE);
+          if(Curl_dyn_add(&sshc->readdir_buf, sshc->readdir_longentry)) {
             sshc->actualcode = CURLE_OUT_OF_MEMORY;
+            state(data, SSH_STOP);
             break;
           }
 
-          memcpy(sshc->readdir_line, sshc->readdir_longentry,
-                 sshc->readdir_currLen);
           if((sshc->readdir_attrs->flags & SSH_FILEXFER_ATTR_PERMISSIONS) &&
              ((sshc->readdir_attrs->permissions & SSH_S_IFMT) ==
               SSH_S_IFLNK)) {
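Review bot: The Curl_dyn_add failure path now moves the state machine to SSH_STOP, where the removed calloc failure path went to SSH_SFTP_CLOSE. The Curl_dyn_addf failure path in the following hunk sets `actualcode` and breaks with no state change at all. Unless states outside these hunks compensate, the first skips whatever SSH_SFTP_CLOSE tears down and the second leaves the machine in its current state after an error. I would keep `state(data, SSH_SFTP_CLOSE);` in both branches, as the removed code had. myssh_statemach_act starts and ends outside the hunk.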
@@ -1541,24 +1535,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
 
       Curl_safefree(sshc->readdir_linkPath);
 
-      /* get room for the filename and extra output */
-      sshc->readdir_totalLen += 4 + sshc->readdir_len;
-      new_readdir_line = Curl_saferealloc(sshc->readdir_line,
-                                          sshc->readdir_totalLen);
-      if(!new_readdir_line) {
-        sshc->readdir_line = NULL;
-        state(data, SSH_SFTP_CLOSE);
+      if(Curl_dyn_addf(&sshc->readdir_buf, " -> %s",
+                       sshc->readdir_filename)) {
         sshc->actualcode = CURLE_OUT_OF_MEMORY;
         break;
       }
-      sshc->readdir_line = new_readdir_line;
-
-      sshc->readdir_currLen += msnprintf(sshc->readdir_line +
-                                         sshc->readdir_currLen,
-                                         sshc->readdir_totalLen -
-                                         sshc->readdir_currLen,
-                                         " -> %s",
-                                         sshc->readdir_filename);
 
       sftp_attributes_free(sshc->readdir_link_attrs);
       sshc->readdir_link_attrs = NULL;
@@ -1568,21 +1549,19 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
       state(data, SSH_SFTP_READDIR_BOTTOM);
       /* FALLTHROUGH */
     case SSH_SFTP_READDIR_BOTTOM:
-      sshc->readdir_currLen += msnprintf(sshc->readdir_line +
-                                         sshc->readdir_currLen,
-                                         sshc->readdir_totalLen -
-                                         sshc->readdir_currLen, "\n");
-      result = Curl_client_write(data, CLIENTWRITE_BODY,
-                                 sshc->readdir_line,
-                                 sshc->readdir_currLen);
+      if(Curl_dyn_addn(&sshc->readdir_buf, "\n", 1))
+        result = CURLE_OUT_OF_MEMORY;
+      else
+        result = Curl_client_write(data, CLIENTWRITE_BODY,
+                                   Curl_dyn_ptr(&sshc->readdir_buf),
+                                   Curl_dyn_len(&sshc->readdir_buf));
 
       if(!result) {
         /* output debug output if that is requested */
-        Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_line,
-                   sshc->readdir_currLen);
-        data->req.bytecount += sshc->readdir_currLen;
+        Curl_debug(data, CURLINFO_DATA_OUT, Curl_dyn_ptr(&sshc->readdir_buf),
+                   Curl_dyn_len(&sshc->readdir_buf));
+        data->req.bytecount += Curl_dyn_len(&sshc->readdir_buf);
       }
-      Curl_safefree(sshc->readdir_line);
       ssh_string_free_char(sshc->readdir_tmp);
       sshc->readdir_tmp = NULL;
 
@@ -2021,7 +2000,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
       Curl_safefree(sshc->rsa);
       Curl_safefree(sshc->quote_path1);
       Curl_safefree(sshc->quote_path2);
-      Curl_safefree(sshc->readdir_line);
+      Curl_dyn_free(&sshc->readdir_buf);
       Curl_safefree(sshc->readdir_linkPath);
       SSH_STRING_FREE_CHAR(sshc->homedir);
 
@@ -2166,11 +2145,12 @@ static CURLcode myssh_setup_connection(struct Curl_easy *data,
                                        struct connectdata *conn)
 {
   struct SSHPROTO *ssh;
-  (void)conn;
+  struct ssh_conn *sshc = &conn->proto.sshc;
 
   data->req.p.ssh = ssh = calloc(1, sizeof(struct SSHPROTO));
   if(!ssh)
     return CURLE_OUT_OF_MEMORY;
+  Curl_dyn_init(&sshc->readdir_buf, PATH_MAX * 2);
 
   return CURLE_OK;
 }
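Review bot: The `PATH_MAX * 2` limit passed to Curl_dyn_init is unexplained, although it now bounds every directory-listing line built in readdir_buf. Going by the other hunks, a line is made of the long entry, the ` -> ` suffix with the filename, and a newline, all of which presumably come from the server. A line above the limit would make the Curl_dyn_add* calls fail, and those branches report CURLE_OUT_OF_MEMORY. I would name the limit and document it, e.g. `/* max size of one listing line: long entry, " -> " link text and newline */`.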
diff --git a/libs/libcurl/src/vssh/libssh2.c b/libs/libcurl/src/vssh/libssh2.c
index 19ad6c2f66..edc1c8f158 100644
--- a/libs/libcurl/src/vssh/libssh2.c
+++ b/libs/libcurl/src/vssh/libssh2.c
@@ -100,10 +100,11 @@
 
 /* Local functions: */
 static const char *sftp_libssh2_strerror(unsigned long err);
+#ifdef CURL_LIBSSH2_DEBUG
 static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
 static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc);
 static LIBSSH2_FREE_FUNC(my_libssh2_free);
-
+#endif
 static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data);
 static CURLcode ssh_connect(struct Curl_easy *data, bool *done);
 static CURLcode ssh_multi_statemach(struct Curl_easy *data, bool *done);
@@ -283,6 +284,8 @@ static CURLcode libssh2_session_error_to_CURLE(int err)
   return CURLE_SSH;
 }
 
+#ifdef CURL_LIBSSH2_DEBUG
+
 static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc)
 {
   (void)abstract; /* arg not used */
@@ -302,6 +305,8 @@ static LIBSSH2_FREE_FUNC(my_libssh2_free)
     free(ptr);
 }
 
+#endif
+
 /*
  * SSH State machine related code
  */
@@ -2400,7 +2405,6 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
       result = Curl_dyn_addf(&sshp->readdir, " -> %s", sshp->readdir_filename);
 
       if(result) {
-        sshc->readdir_line = NULL;
         Curl_safefree(sshp->readdir_filename);
         Curl_safefree(sshp->readdir_longentry);
         state(data, SSH_SFTP_CLOSE);
@@ -3004,12 +3008,9 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
 
       Curl_safefree(sshc->rsa_pub);
       Curl_safefree(sshc->rsa);
-
       Curl_safefree(sshc->quote_path1);
       Curl_safefree(sshc->quote_path2);
-
       Curl_safefree(sshc->homedir);
-      Curl_safefree(sshc->readdir_line);
 
       /* the code we are about to return */
       result = sshc->actualcode;
@@ -3268,9 +3269,13 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
   sock = conn->sock[FIRSTSOCKET];
 #endif /* CURL_LIBSSH2_DEBUG */
 
+#ifdef CURL_LIBSSH2_DEBUG
   sshc->ssh_session = libssh2_session_init_ex(my_libssh2_malloc,
                                               my_libssh2_free,
                                               my_libssh2_realloc, data);
+#else
+  sshc->ssh_session = libssh2_session_init();
+#endif
   if(!sshc->ssh_session) {
     failf(data, "Failure initialising ssh session");
     return CURLE_FAILED_INIT;
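Review bot: In the non-debug branch `libssh2_session_init()` no longer hands `data` to libssh2 as the session abstract pointer, which the previously unconditional `libssh2_session_init_ex(..., data)` call did. Any callback in this file that reads the abstract value would now get NULL in release builds unless it is set elsewhere, which this hunk does not show. The default allocators can be kept while preserving the pointer with `sshc->ssh_session = libssh2_session_init_ex(NULL, NULL, NULL, data);`. ssh_connect continues outside the hunk.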
diff --git a/libs/libcurl/src/vssh/ssh.h b/libs/libcurl/src/vssh/ssh.h
index 8fbe3a41b6..d310066369 100644
--- a/libs/libcurl/src/vssh/ssh.h
+++ b/libs/libcurl/src/vssh/ssh.h
@@ -147,7 +147,6 @@ struct ssh_conn {
 
   char *homedir;              /* when doing SFTP we figure out home dir in the
                                  connect phase */
-  char *readdir_line;
   /* end of READDIR stuff */
 
   int secondCreateDirs;         /* counter use by the code to see if the
@@ -158,7 +157,8 @@ struct ssh_conn {
 
 #if defined(USE_LIBSSH)
   char *readdir_linkPath;
-  size_t readdir_len, readdir_totalLen, readdir_currLen;
+  size_t readdir_len;
+  struct dynbuf readdir_buf;
 /* our variables */
   unsigned kbd_state; /* 0 or 1 */
   ssh_key privkey;
diff --git a/libs/libcurl/src/vtls/nss.c b/libs/libcurl/src/vtls/nss.c
index a327255a7e..2bbf96ab96 100644
--- a/libs/libcurl/src/vtls/nss.c
+++ b/libs/libcurl/src/vtls/nss.c
@@ -1536,36 +1536,6 @@ static void nss_cleanup(void)
   initialized = 0;
 }
 
-/*
- * This function uses SSL_peek to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-static int nss_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct ssl_backend_data *backend = connssl->backend;
-  int rc;
-  char buf;
-
-  (void)data;
-  DEBUGASSERT(backend);
-
-  rc =
-    PR_Recv(backend->handle, (void *)&buf, 1, PR_MSG_PEEK,
-            PR_SecondsToInterval(1));
-  if(rc > 0)
-    return 1; /* connection still in place */
-
-  if(rc == 0)
-    return 0; /* connection has been closed */
-
-  return -1;  /* connection status unknown */
-}
-
 static void close_one(struct ssl_connect_data *connssl)
 {
   /* before the cleanup, check whether we are using a client certificate */
@@ -2524,7 +2494,7 @@ const struct Curl_ssl Curl_ssl_nss = {
   nss_init,                     /* init */
   nss_cleanup,                  /* cleanup */
   nss_version,                  /* version */
-  nss_check_cxn,                /* check_cxn */
+  Curl_none_check_cxn,          /* check_cxn */
   /* NSS has no shutdown function provided and thus always fail */
   Curl_none_shutdown,           /* shutdown */
   nss_data_pending,             /* data_pending */
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index 9d100a6d0d..c9cc52a184 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -1780,63 +1780,6 @@ static void ossl_cleanup(void)
   Curl_tls_keylog_close();
 }
 
-/*
- * This function is used to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-static int ossl_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  /* SSL_peek takes data out of the raw recv buffer without peeking so we use
-     recv MSG_PEEK instead. Bug #795 */
-#ifdef MSG_PEEK
-  char buf;
-  ssize_t nread;
-  curl_socket_t sock = Curl_conn_cf_get_socket(cf, data);
-  if(sock == CURL_SOCKET_BAD)
-    return 0; /* no socket, consider closed */
-  nread = recv((RECV_TYPE_ARG1)sock,
-               (RECV_TYPE_ARG2)&buf, (RECV_TYPE_ARG3)1,
-               (RECV_TYPE_ARG4)MSG_PEEK);
-  if(nread == 0)
-    return 0; /* connection has been closed */
-  if(nread == 1)
-    return 1; /* connection still in place */
-  else if(nread == -1) {
-      int err = SOCKERRNO;
-      if(err == EINPROGRESS ||
-#if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
-         err == EAGAIN ||
-#endif
-         err == EWOULDBLOCK)
-        return 1; /* connection still in place */
-      if(err == ECONNRESET ||
-#ifdef ECONNABORTED
-         err == ECONNABORTED ||
-#endif
-#ifdef ENETDOWN
-         err == ENETDOWN ||
-#endif
-#ifdef ENETRESET
-         err == ENETRESET ||
-#endif
-#ifdef ESHUTDOWN
-         err == ESHUTDOWN ||
-#endif
-#ifdef ETIMEDOUT
-         err == ETIMEDOUT ||
-#endif
-         err == ENOTCONN)
-        return 0; /* connection has been closed */
-  }
-#endif
-  (void)data;
-  return -1; /* connection status unknown */
-}
-
 /* Selects an OpenSSL crypto engine
  */
 static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine)
@@ -4820,7 +4763,7 @@ const struct Curl_ssl Curl_ssl_openssl = {
   ossl_init,                /* init */
   ossl_cleanup,             /* cleanup */
   ossl_version,             /* version */
-  ossl_check_cxn,           /* check_cxn */
+  Curl_none_check_cxn,      /* check_cxn */
   ossl_shutdown,            /* shutdown */
   ossl_data_pending,        /* data_pending */
   ossl_random,              /* random */
diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c
index 63e5c7670d..63f9b07690 100644
--- a/libs/libcurl/src/vtls/schannel.c
+++ b/libs/libcurl/src/vtls/schannel.c
@@ -264,128 +264,133 @@ set_ssl_version_min_max(DWORD *enabled_protocols,
 
 /* longest is 26, buffer is slightly bigger */
 #define LONGEST_ALG_ID 32
-#define CIPHEROPTION(X)                         \
-  if(strcmp(#X, tmp) == 0)                      \
-    return X
+#define CIPHEROPTION(x) {#x, x}
 
-static int
-get_alg_id_by_name(char *name)
-{
-  char tmp[LONGEST_ALG_ID] = { 0 };
-  char *nameEnd = strchr(name, ':');
-  size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
+struct algo {
+  const char *name;
+  int id;
+};
 
-  /* reject too-long alg names */
-  if(n > (LONGEST_ALG_ID - 1))
-    return 0;
-
-  strncpy(tmp, name, n);
-  tmp[n] = 0;
-  CIPHEROPTION(CALG_MD2);
-  CIPHEROPTION(CALG_MD4);
-  CIPHEROPTION(CALG_MD5);
-  CIPHEROPTION(CALG_SHA);
-  CIPHEROPTION(CALG_SHA1);
-  CIPHEROPTION(CALG_MAC);
-  CIPHEROPTION(CALG_RSA_SIGN);
-  CIPHEROPTION(CALG_DSS_SIGN);
+static const struct algo algs[]= {
+  CIPHEROPTION(CALG_MD2),
+  CIPHEROPTION(CALG_MD4),
+  CIPHEROPTION(CALG_MD5),
+  CIPHEROPTION(CALG_SHA),
+  CIPHEROPTION(CALG_SHA1),
+  CIPHEROPTION(CALG_MAC),
+  CIPHEROPTION(CALG_RSA_SIGN),
+  CIPHEROPTION(CALG_DSS_SIGN),
 /* ifdefs for the options that are defined conditionally in wincrypt.h */
 #ifdef CALG_NO_SIGN
-  CIPHEROPTION(CALG_NO_SIGN);
+  CIPHEROPTION(CALG_NO_SIGN),
 #endif
-  CIPHEROPTION(CALG_RSA_KEYX);
-  CIPHEROPTION(CALG_DES);
+  CIPHEROPTION(CALG_RSA_KEYX),
+  CIPHEROPTION(CALG_DES),
 #ifdef CALG_3DES_112
-  CIPHEROPTION(CALG_3DES_112);
+  CIPHEROPTION(CALG_3DES_112),
 #endif
-  CIPHEROPTION(CALG_3DES);
-  CIPHEROPTION(CALG_DESX);
-  CIPHEROPTION(CALG_RC2);
-  CIPHEROPTION(CALG_RC4);
-  CIPHEROPTION(CALG_SEAL);
+  CIPHEROPTION(CALG_3DES),
+  CIPHEROPTION(CALG_DESX),
+  CIPHEROPTION(CALG_RC2),
+  CIPHEROPTION(CALG_RC4),
+  CIPHEROPTION(CALG_SEAL),
 #ifdef CALG_DH_SF
-  CIPHEROPTION(CALG_DH_SF);
+  CIPHEROPTION(CALG_DH_SF),
 #endif
-  CIPHEROPTION(CALG_DH_EPHEM);
+  CIPHEROPTION(CALG_DH_EPHEM),
 #ifdef CALG_AGREEDKEY_ANY
-  CIPHEROPTION(CALG_AGREEDKEY_ANY);
+  CIPHEROPTION(CALG_AGREEDKEY_ANY),
 #endif
 #ifdef CALG_HUGHES_MD5
-  CIPHEROPTION(CALG_HUGHES_MD5);
+  CIPHEROPTION(CALG_HUGHES_MD5),
 #endif
-  CIPHEROPTION(CALG_SKIPJACK);
+  CIPHEROPTION(CALG_SKIPJACK),
 #ifdef CALG_TEK
-  CIPHEROPTION(CALG_TEK);
+  CIPHEROPTION(CALG_TEK),
 #endif
-  CIPHEROPTION(CALG_CYLINK_MEK);
-  CIPHEROPTION(CALG_SSL3_SHAMD5);
+  CIPHEROPTION(CALG_CYLINK_MEK),
+  CIPHEROPTION(CALG_SSL3_SHAMD5),
 #ifdef CALG_SSL3_MASTER
-  CIPHEROPTION(CALG_SSL3_MASTER);
+  CIPHEROPTION(CALG_SSL3_MASTER),
 #endif
 #ifdef CALG_SCHANNEL_MASTER_HASH
-  CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH);
+  CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH),
 #endif
 #ifdef CALG_SCHANNEL_MAC_KEY
-  CIPHEROPTION(CALG_SCHANNEL_MAC_KEY);
+  CIPHEROPTION(CALG_SCHANNEL_MAC_KEY),
 #endif
 #ifdef CALG_SCHANNEL_ENC_KEY
-  CIPHEROPTION(CALG_SCHANNEL_ENC_KEY);
+  CIPHEROPTION(CALG_SCHANNEL_ENC_KEY),
 #endif
 #ifdef CALG_PCT1_MASTER
-  CIPHEROPTION(CALG_PCT1_MASTER);
+  CIPHEROPTION(CALG_PCT1_MASTER),
 #endif
 #ifdef CALG_SSL2_MASTER
-  CIPHEROPTION(CALG_SSL2_MASTER);
+  CIPHEROPTION(CALG_SSL2_MASTER),
 #endif
 #ifdef CALG_TLS1_MASTER
-  CIPHEROPTION(CALG_TLS1_MASTER);
+  CIPHEROPTION(CALG_TLS1_MASTER),
 #endif
 #ifdef CALG_RC5
-  CIPHEROPTION(CALG_RC5);
+  CIPHEROPTION(CALG_RC5),
 #endif
 #ifdef CALG_HMAC
-  CIPHEROPTION(CALG_HMAC);
+  CIPHEROPTION(CALG_HMAC),
 #endif
 #ifdef CALG_TLS1PRF
-  CIPHEROPTION(CALG_TLS1PRF);
+  CIPHEROPTION(CALG_TLS1PRF),
 #endif
 #ifdef CALG_HASH_REPLACE_OWF
-  CIPHEROPTION(CALG_HASH_REPLACE_OWF);
+  CIPHEROPTION(CALG_HASH_REPLACE_OWF),
 #endif
 #ifdef CALG_AES_128
-  CIPHEROPTION(CALG_AES_128);
+  CIPHEROPTION(CALG_AES_128),
 #endif
 #ifdef CALG_AES_192
-  CIPHEROPTION(CALG_AES_192);
+  CIPHEROPTION(CALG_AES_192),
 #endif
 #ifdef CALG_AES_256
-  CIPHEROPTION(CALG_AES_256);
+  CIPHEROPTION(CALG_AES_256),
 #endif
 #ifdef CALG_AES
-  CIPHEROPTION(CALG_AES);
+  CIPHEROPTION(CALG_AES),
 #endif
 #ifdef CALG_SHA_256
-  CIPHEROPTION(CALG_SHA_256);
+  CIPHEROPTION(CALG_SHA_256),
 #endif
 #ifdef CALG_SHA_384
-  CIPHEROPTION(CALG_SHA_384);
+  CIPHEROPTION(CALG_SHA_384),
 #endif
 #ifdef CALG_SHA_512
-  CIPHEROPTION(CALG_SHA_512);
+  CIPHEROPTION(CALG_SHA_512),
 #endif
 #ifdef CALG_ECDH
-  CIPHEROPTION(CALG_ECDH);
+  CIPHEROPTION(CALG_ECDH),
 #endif
 #ifdef CALG_ECMQV
-  CIPHEROPTION(CALG_ECMQV);
+  CIPHEROPTION(CALG_ECMQV),
 #endif
 #ifdef CALG_ECDSA
-  CIPHEROPTION(CALG_ECDSA);
+  CIPHEROPTION(CALG_ECDSA),
 #endif
 #ifdef CALG_ECDH_EPHEM
-  CIPHEROPTION(CALG_ECDH_EPHEM);
+  CIPHEROPTION(CALG_ECDH_EPHEM),
 #endif
-  return 0;
+  {NULL, 0},
+};
+
+static int
+get_alg_id_by_name(char *name)
+{
+  char *nameEnd = strchr(name, ':');
+  size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
+  int i;
+
+  for(i = 0; algs[i].name; i++) {
+    if((n == strlen(algs[i].name) && !strncmp(algs[i].name, name, n)))
+      return algs[i].id;
+  }
+  return 0; /* not found */
 }
 
 #define NUM_CIPHERS 47 /* There are 47 options listed above */
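Review bot: The rewritten get_alg_id_by_name has no comment describing its contract, and its parameter could be `const char *name` since the lookup only reads the string. A short header such as `/* returns the CALG id for the name up to the first ':' or end of string, 0 if unknown */` would cover it. LONGEST_ALG_ID is no longer used inside this hunk now that the temporary copy is gone; if nothing else in the file refers to it, the macro and its comment can go. The double parentheses in the `if` condition are also unnecessary.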
@@ -1201,18 +1206,18 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
     /* The first four bytes will be an unsigned int indicating number
        of bytes of data in the rest of the buffer. */
     extension_len = (unsigned int *)(void *)(&alpn_buffer[cur]);
-    cur += sizeof(unsigned int);
+    cur += (int)sizeof(unsigned int);
 
     /* The next four bytes are an indicator that this buffer will contain
        ALPN data, as opposed to NPN, for example. */
     *(unsigned int *)(void *)&alpn_buffer[cur] =
       SecApplicationProtocolNegotiationExt_ALPN;
-    cur += sizeof(unsigned int);
+    cur += (int)sizeof(unsigned int);
 
     /* The next two bytes will be an unsigned short indicating the number
        of bytes used to list the preferred protocols. */
     list_len = (unsigned short*)(void *)(&alpn_buffer[cur]);
-    cur += sizeof(unsigned short);
+    cur += (int)sizeof(unsigned short);
 
     list_start_index = cur;
 
@@ -1225,7 +1230,9 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
     cur += proto.len;
 
     *list_len = curlx_uitous(cur - list_start_index);
-    *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short);
+    *extension_len = *list_len +
+      (unsigned short)sizeof(unsigned int) +
+      (unsigned short)sizeof(unsigned short);
 
     InitSecBuffer(&inbuf, SECBUFFER_APPLICATION_PROTOCOLS, alpn_buffer, cur);
     InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
diff --git a/libs/libcurl/src/vtls/sectransp.c b/libs/libcurl/src/vtls/sectransp.c
index 953b624f2b..81ab9ab061 100644
--- a/libs/libcurl/src/vtls/sectransp.c
+++ b/libs/libcurl/src/vtls/sectransp.c
@@ -2150,50 +2150,39 @@ static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
   return sep_end - in;
 }
 
+#define MAX_CERTS_SIZE (50*1024*1024) /* arbitrary - to catch mistakes */
+
 static int read_cert(const char *file, unsigned char **out, size_t *outlen)
 {
   int fd;
-  ssize_t n, len = 0, cap = 512;
-  unsigned char buf[512], *data;
+  ssize_t n;
+  unsigned char buf[512];
+  struct dynbuf certs;
+
+  Curl_dyn_init(&certs, MAX_CERTS_SIZE);
 
   fd = open(file, 0);
   if(fd < 0)
     return -1;
 
-  data = malloc(cap);
-  if(!data) {
-    close(fd);
-    return -1;
-  }
-
   for(;;) {
     n = read(fd, buf, sizeof(buf));
+    if(!n)
+      break;
     if(n < 0) {
       close(fd);
-      free(data);
+      Curl_dyn_free(&certs);
       return -1;
     }
-    else if(n == 0) {
+    if(Curl_dyn_addn(&certs, buf, n)) {
       close(fd);
-      break;
-    }
-
-    if(len + n >= cap) {
-      cap *= 2;
-      data = Curl_saferealloc(data, cap);
-      if(!data) {
-        close(fd);
-        return -1;
-      }
+      return -1;
     }
-
-    memcpy(data + len, buf, n);
-    len += n;
   }
-  data[len] = '\0';
+  close(fd);
 
-  *out = data;
-  *outlen = len;
+  *out = Curl_dyn_uptr(&certs);
+  *outlen = Curl_dyn_len(&certs);
 
   return 0;
 }
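Review bot: For an empty file the loop in read_cert ends before any Curl_dyn_addn call, so the function returns 0 with `*outlen` 0 and `*out` taken from a dynbuf that never allocated, most likely NULL. The removed code always returned an allocated, NUL-terminated buffer, so a caller that touches `*out` without checking the length first would behave differently; the callers are outside this hunk. I would either return -1 when `Curl_dyn_len(&certs)` is 0 or document that `*out` may be NULL on success. A comment stating that ownership of the buffer passes to the caller would also help.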
@@ -2202,16 +2191,18 @@ static int append_cert_to_array(struct Curl_easy *data,
                                 const unsigned char *buf, size_t buflen,
                                 CFMutableArrayRef array)
 {
-    CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
     char *certp;
     CURLcode result;
+    SecCertificateRef cacert;
+    CFDataRef certdata;
+
+    certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
     if(!certdata) {
       failf(data, "SSL: failed to allocate array for CA certificate");
       return CURLE_OUT_OF_MEMORY;
     }
 
-    SecCertificateRef cacert =
-      SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
+    cacert = SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
     CFRelease(certdata);
     if(!cacert) {
       failf(data, "SSL: failed to create SecCertificate from CA certificate");
@@ -2425,11 +2416,15 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
 
   do {
     SecTrustRef trust;
-    OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+    OSStatus ret;
+    SecKeyRef keyRef;
+    OSStatus success;
+
+    ret = SSLCopyPeerTrust(ctx, &trust);
     if(ret != noErr || !trust)
       break;
 
-    SecKeyRef keyRef = SecTrustCopyPublicKey(trust);
+    keyRef = SecTrustCopyPublicKey(trust);
     CFRelease(trust);
     if(!keyRef)
       break;
@@ -2443,8 +2438,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
 
 #elif SECTRANSP_PINNEDPUBKEY_V2
 
-    OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
-                                     &publicKeyBits);
+    success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
+                            &publicKeyBits);
     CFRelease(keyRef);
     if(success != errSecSuccess || !publicKeyBits)
       break;
@@ -2987,12 +2982,13 @@ static CURLcode sectransp_connect_step3(struct Curl_cfilter *cf,
                                         struct Curl_easy *data)
 {
   struct ssl_connect_data *connssl = cf->ctx;
+  CURLcode result;
 
   DEBUGF(LOG_CF(data, cf, "connect_step3"));
   /* There is no step 3!
    * Well, okay, let's collect server certificates, and if verbose mode is on,
    * let's print the details of the server certificates. */
-  const CURLcode result = collect_server_cert(cf, data);
+  result = collect_server_cert(cf, data);
   if(result)
     return result;
 
@@ -3237,35 +3233,6 @@ static size_t sectransp_version(char *buffer, size_t size)
   return msnprintf(buffer, size, "SecureTransport");
 }
 
-/*
- * This function uses SSLGetSessionState to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-static int sectransp_check_cxn(struct Curl_cfilter *cf,
-                               struct Curl_easy *data)
-{
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct ssl_backend_data *backend = connssl->backend;
-  OSStatus err;
-  SSLSessionState state;
-
-  (void)data;
-  DEBUGASSERT(backend);
-
-  if(backend->ssl_ctx) {
-    DEBUGF(LOG_CF(data, cf, "check connection"));
-    err = SSLGetSessionState(backend->ssl_ctx, &state);
-    if(err == noErr)
-      return state == kSSLConnected || state == kSSLHandshake;
-    return -1;
-  }
-  return 0;
-}
-
 static bool sectransp_data_pending(struct Curl_cfilter *cf,
                                    const struct Curl_easy *data)
 {
@@ -3410,13 +3377,15 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
   DEBUGASSERT(backend);
 
   again:
+  *curlcode = CURLE_OK;
   err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed);
 
   if(err != noErr) {
     switch(err) {
       case errSSLWouldBlock:  /* return how much we read (if anything) */
-        if(processed)
+        if(processed) {
           return (ssize_t)processed;
+        }
         *curlcode = CURLE_AGAIN;
         return -1L;
         break;
@@ -3428,7 +3397,7 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
       case errSSLClosedGraceful:
       case errSSLClosedNoNotify:
         *curlcode = CURLE_OK;
-        return -1L;
+        return 0;
         break;
 
         /* The below is errSSLPeerAuthCompleted; it's not defined in
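Review bot: `errSSLClosedNoNotify` now returns 0 with `CURLE_OK` exactly like `errSSLClosedGraceful`, so a connection dropped without a TLS close_notify is reported upward as a clean end of stream. For a response whose length is delimited only by connection close, a truncated body is then indistinguishable from a complete one at this layer; whether a higher layer compensates is not visible here. At minimum a comment should record the decision, e.g. `/* no close_notify: reported as EOF, callers must validate message length themselves */`, and splitting the two cases so the no-notify one can be logged would help detection. sectransp_recv starts and ends outside the hunk.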
@@ -3439,8 +3408,10 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
           CURLcode result = verify_cert(cf, data, conn_config->CAfile,
                                         conn_config->ca_info_blob,
                                         backend->ssl_ctx);
-          if(result)
-            return result;
+          if(result) {
+            *curlcode = result;
+            return -1;
+          }
         }
         goto again;
       default:
@@ -3477,7 +3448,7 @@ const struct Curl_ssl Curl_ssl_sectransp = {
   Curl_none_init,                     /* init */
   Curl_none_cleanup,                  /* cleanup */
   sectransp_version,                  /* version */
-  sectransp_check_cxn,                /* check_cxn */
+  Curl_none_check_cxn,                /* check_cxn */
   sectransp_shutdown,                 /* shutdown */
   sectransp_data_pending,             /* data_pending */
   sectransp_random,                   /* random */
diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c
index fd1d7fc075..1f618d9aac 100644
--- a/libs/libcurl/src/vtls/vtls.c
+++ b/libs/libcurl/src/vtls/vtls.c
@@ -1604,16 +1604,11 @@ static CURLcode ssl_cf_cntrl(struct Curl_cfilter *cf,
                              struct Curl_easy *data,
                              int event, int arg1, void *arg2)
 {
-  struct ssl_connect_data *connssl = cf->ctx;
   struct cf_call_data save;
 
   (void)arg1;
   (void)arg2;
   switch(event) {
-  case CF_CTRL_CONN_REPORT_STATS:
-    if(cf->sockindex == FIRSTSOCKET && !Curl_ssl_cf_is_proxy(cf))
-      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, connssl->handshake_done);
-    break;
   case CF_CTRL_DATA_ATTACH:
     if(Curl_ssl->attach_data) {
       CF_DATA_SAVE(save, cf, data);
@@ -1634,10 +1629,32 @@ static CURLcode ssl_cf_cntrl(struct Curl_cfilter *cf,
   return CURLE_OK;
 }
 
-static bool cf_ssl_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data)
+static CURLcode ssl_cf_query(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             int query, int *pres1, void *pres2)
+{
+  struct ssl_connect_data *connssl = cf->ctx;
+
+  switch(query) {
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected && !Curl_ssl_cf_is_proxy(cf))
+      *when = connssl->handshake_done;
+    return CURLE_OK;
+  }
+  default:
+    break;
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+static bool cf_ssl_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data,
+                            bool *input_pending)
 {
   struct cf_call_data save;
-  bool result;
+  int result;
   /*
    * This function tries to determine connection status.
    *
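Review bot: `ssl_cf_query` returns `CURLE_OK` for `CF_QUERY_TIMER_APPCONNECT` even when it writes nothing to `*when` (filter not connected, or a proxy filter), and in that case it does not forward the query to `cf->next` either. The caller therefore has to pre-initialise the `struct curltime` it passes in `pres2` and cannot tell "no value" from "value stored"; that contract should be stated above the function, such as `/* TIMER_APPCONNECT: *pres2 is left untouched unless this is a connected, non-proxy TLS filter */`. `pres2` is also dereferenced without a NULL check, so a `DEBUGASSERT(when);` before the assignment would catch misuse in debug builds. The body of cf_ssl_is_alive at the end of this hunk continues in the next one.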
@@ -1647,9 +1664,20 @@ static bool cf_ssl_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data)
    *    -1 means the connection status is unknown
    */
   CF_DATA_SAVE(save, cf, data);
-  result = Curl_ssl->check_cxn(cf, data) != 0;
+  result = Curl_ssl->check_cxn(cf, data);
   CF_DATA_RESTORE(cf, save);
-  return result;
+  if(result > 0) {
+    *input_pending = TRUE;
+    return TRUE;
+  }
+  if(result == 0) {
+    *input_pending = FALSE;
+    return FALSE;
+  }
+  /* ssl backend does not know */
+  return cf->next?
+    cf->next->cft->is_alive(cf->next, data, input_pending) :
+    FALSE; /* pessimistic in absence of data */
 }
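Review bot: A positive return from `check_cxn` is turned into `*input_pending = TRUE`, yet the comment in this function describes the backend's result only as a connection status (in place, closed, unknown), not as evidence of unread data. If callers use `input_pending` to decide whether an idle connection is clean enough to reuse, every backend that answers "still in place" would look as if it had buffered input; the callers are outside this part of the patch, so this needs confirming. Either leave `*input_pending` to the lower filter, or document the choice with something like `/* backend cannot tell "alive" from "readable"; pending input is reported conservatively */`. The function begins in the previous hunk.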
 
 struct Curl_cftype Curl_cft_ssl = {
@@ -1667,7 +1695,7 @@ struct Curl_cftype Curl_cft_ssl = {
   ssl_cf_cntrl,
   cf_ssl_is_alive,
   Curl_cf_def_conn_keep_alive,
-  Curl_cf_def_query,
+  ssl_cf_query,
 };
 
 struct Curl_cftype Curl_cft_ssl_proxy = {
diff --git a/libs/libcurl/src/vtls/wolfssl.c b/libs/libcurl/src/vtls/wolfssl.c
index b3e6cf4d19..8918e3554a 100644
--- a/libs/libcurl/src/vtls/wolfssl.c
+++ b/libs/libcurl/src/vtls/wolfssl.c
@@ -94,6 +94,7 @@
 struct ssl_backend_data {
   SSL_CTX* ctx;
   SSL*     handle;
+  CURLcode io_result;       /* result of last BIO cfilter operation */
 };
 
 #ifdef OPENSSL_EXTRA
@@ -279,12 +280,16 @@ static long bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr)
 static int bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen)
 {
   struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
+  struct ssl_connect_data *connssl = cf->ctx;
   struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nwritten;
   CURLcode result = CURLE_OK;
 
   DEBUGASSERT(data);
   nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
+  connssl->backend->io_result = result;
+  DEBUGF(LOG_CF(data, cf, "bio_write(len=%d) -> %zd, %d",
+                blen, nwritten, result));
   wolfSSL_BIO_clear_retry_flags(bio);
   if(nwritten < 0 && CURLE_AGAIN == result)
     BIO_set_retry_read(bio);
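Review bot: The write callback still flags a blocked send with `BIO_set_retry_read(bio)`, so a `CURLE_AGAIN` from `Curl_conn_cf_send` is signalled to wolfSSL as a read retry rather than a write retry. That mismatch is presumably part of why the new `io_result` field is needed to recognise the condition later; using `BIO_set_retry_write(bio);` here would let the library report the want-write state itself. If the read flag is deliberate, a comment should say why. The function's return statement is outside the hunk.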
@@ -294,6 +299,7 @@ static int bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen)
 static int bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
 {
   struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
+  struct ssl_connect_data *connssl = cf->ctx;
   struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nread;
   CURLcode result = CURLE_OK;
@@ -304,6 +310,9 @@ static int bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
     return 0;
 
   nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
+  connssl->backend->io_result = result;
+  DEBUGF(LOG_CF(data, cf, "bio_read(len=%d) -> %zd, %d",
+                blen, nread, result));
   wolfSSL_BIO_clear_retry_flags(bio);
   if(nread < 0 && CURLE_AGAIN == result)
     BIO_set_retry_read(bio);
@@ -789,6 +798,9 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
       }
     }
 #endif
+    else if(backend->io_result == CURLE_AGAIN) {
+      return CURLE_OK;
+    }
     else {
       failf(data, "SSL_connect failed with error %d: %s", detail,
           ERR_error_string(detail, error_buffer));
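Review bot: `backend->io_result` is only written inside the BIO callbacks, and nothing visible in this patch resets it before `SSL_connect`, `SSL_write` or `SSL_read` runs, so a `CURLE_AGAIN` left over from an earlier call can still be there when the TLS call fails without doing any I/O. In that case this new branch returns `CURLE_OK` for a handshake error, and the matching `default:` branches added to wolfssl_send and wolfssl_recv report `CURLE_AGAIN`, which hides a real failure and can leave the caller retrying. Clearing the field immediately before each TLS call, `backend->io_result = CURLE_OK;`, makes the test reflect only the current operation. The if/else chain this branch joins starts outside the hunk.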
@@ -948,7 +960,6 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
   ERR_clear_error();
 
   rc = SSL_write(backend->handle, mem, memlen);
-
   if(rc <= 0) {
     int err = SSL_get_error(backend->handle, rc);
 
@@ -956,9 +967,17 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
       /* there's data pending, re-invoke SSL_write() */
+      DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> AGAIN", len));
       *curlcode = CURLE_AGAIN;
       return -1;
     default:
+      if(backend->io_result == CURLE_AGAIN) {
+        DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> AGAIN", len));
+        *curlcode = CURLE_AGAIN;
+        return -1;
+      }
+      DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> %d, %d",
+                    len, rc, err));
       failf(data, "SSL write: %s, errno %d",
             ERR_error_string(err, error_buffer),
             SOCKERRNO);
@@ -966,6 +985,7 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
       return -1;
     }
   }
+  DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> %d", len, rc));
   return rc;
 }
 
@@ -995,19 +1015,19 @@ static void wolfssl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 
 static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
                             struct Curl_easy *data,
-                            char *buf,
-                            size_t buffersize,
+                            char *buf, size_t blen,
                             CURLcode *curlcode)
 {
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
   char error_buffer[WOLFSSL_MAX_ERROR_SZ];
-  int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+  int buffsize = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen;
   int nread;
 
   DEBUGASSERT(backend);
 
   ERR_clear_error();
+  *curlcode = CURLE_OK;
 
   nread = SSL_read(backend->handle, buf, buffsize);
 
@@ -1016,22 +1036,31 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
 
     switch(err) {
     case SSL_ERROR_ZERO_RETURN: /* no more data */
-      break;
+      DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> CLOSED", blen));
+      *curlcode = CURLE_OK;
+      return 0;
     case SSL_ERROR_NONE:
       /* FALLTHROUGH */
     case SSL_ERROR_WANT_READ:
       /* FALLTHROUGH */
     case SSL_ERROR_WANT_WRITE:
       /* there's data pending, re-invoke SSL_read() */
+      DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen));
       *curlcode = CURLE_AGAIN;
       return -1;
     default:
+      if(backend->io_result == CURLE_AGAIN) {
+        DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen));
+        *curlcode = CURLE_AGAIN;
+        return -1;
+      }
       failf(data, "SSL read: %s, errno %d",
             ERR_error_string(err, error_buffer), SOCKERRNO);
       *curlcode = CURLE_RECV_ERROR;
       return -1;
     }
   }
+  DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> %d", blen, nread));
   return nread;
 }
 
diff --git a/libs/libcurl/src/vtls/x509asn1.c b/libs/libcurl/src/vtls/x509asn1.c
index 31b84dc448..cf673b349f 100644
--- a/libs/libcurl/src/vtls/x509asn1.c
+++ b/libs/libcurl/src/vtls/x509asn1.c
@@ -1118,7 +1118,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
   for(ccp = cert.version.beg; ccp < cert.version.end; ccp++)
     version = (version << 8) | *(const unsigned char *) ccp;
   if(data->set.ssl.certinfo) {
-    ccp = curl_maprintf("%lx", version);
+    ccp = curl_maprintf("%x", version);
     if(!ccp)
       return CURLE_OUT_OF_MEMORY;
     result = Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
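Review bot: The loop at the top of this hunk folds every byte between `cert.version.beg` and `cert.version.end` into `version` with no bound on the field's length, and the specifiers are narrowed to `%x` here and `%u`/`%x` in the next hunk, which suggests `version` is now a plain unsigned int (its declaration is outside the hunk). A certificate carrying an over-long version integer then has its leading bytes shifted out silently, so the value pushed to certinfo and logged no longer matches what the peer sent. Rejecting the field before the loop, with a test such as `if((size_t)(cert.version.end - cert.version.beg) > sizeof(version))` followed by an error return, would keep the reported value honest for malformed input. Curl_extract_certinfo begins and ends outside the hunk.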
@@ -1127,7 +1127,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
       return result;
   }
   if(!certnum)
-    infof(data, "   Version: %lu (0x%lx)", version + 1, version);
+    infof(data, "   Version: %u (0x%x)", version + 1, version);
 
   /* Serial number. */
   ccp = ASN1tostr(&cert.serialNumber, 0);
diff --git a/libs/libcurl/src/wildcard.c b/libs/libcurl/src/wildcard.c
deleted file mode 100644
index ba7f4e0d7f..0000000000
--- a/libs/libcurl/src/wildcard.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifndef CURL_DISABLE_FTP
-
-#include "wildcard.h"
-#include "llist.h"
-#include "fileinfo.h"
-/* The last 3 #include files should be in this order */
-#include "curl_printf.h"
-#include "curl_memory.h"
-#include "memdebug.h"
-
-static void fileinfo_dtor(void *user, void *element)
-{
-  (void)user;
-  Curl_fileinfo_cleanup(element);
-}
-
-CURLcode Curl_wildcard_init(struct WildcardData *wc)
-{
-  Curl_llist_init(&wc->filelist, fileinfo_dtor);
-  wc->state = CURLWC_INIT;
-
-  return CURLE_OK;
-}
-
-void Curl_wildcard_dtor(struct WildcardData *wc)
-{
-  if(!wc)
-    return;
-
-  if(wc->dtor) {
-    wc->dtor(wc->protdata);
-    wc->dtor = ZERO_NULL;
-    wc->protdata = NULL;
-  }
-  DEBUGASSERT(wc->protdata == NULL);
-
-  Curl_llist_destroy(&wc->filelist, NULL);
-
-
-  free(wc->path);
-  wc->path = NULL;
-  free(wc->pattern);
-  wc->pattern = NULL;
-
-  wc->customptr = NULL;
-  wc->state = CURLWC_INIT;
-}
-
-#endif /* if disabled */
diff --git a/libs/libcurl/src/wildcard.h b/libs/libcurl/src/wildcard.h
deleted file mode 100644
index b028818402..0000000000
--- a/libs/libcurl/src/wildcard.h
+++ /dev/null
@@ -1,70 +0,0 @@
-#ifndef HEADER_CURL_WILDCARD_H
-#define HEADER_CURL_WILDCARD_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifndef CURL_DISABLE_FTP
-#include <curl/curl.h>
-#include "llist.h"
-
-/* list of wildcard process states */
-typedef enum {
-  CURLWC_CLEAR = 0,
-  CURLWC_INIT = 1,
-  CURLWC_MATCHING, /* library is trying to get list of addresses for
-                      downloading */
-  CURLWC_DOWNLOADING,
-  CURLWC_CLEAN, /* deallocate resources and reset settings */
-  CURLWC_SKIP,  /* skip over concrete file */
-  CURLWC_ERROR, /* error cases */
-  CURLWC_DONE   /* if is wildcard->state == CURLWC_DONE wildcard loop
-                   will end */
-} wildcard_states;
-
-typedef void (*wildcard_dtor)(void *ptr);
-
-/* struct keeping information about wildcard download process */
-struct WildcardData {
-  wildcard_states state;
-  char *path; /* path to the directory, where we trying wildcard-match */
-  char *pattern; /* wildcard pattern */
-  struct Curl_llist filelist; /* llist with struct Curl_fileinfo */
-  void *protdata; /* pointer to protocol specific temporary data */
-  wildcard_dtor dtor;
-  void *customptr;  /* for CURLOPT_CHUNK_DATA pointer */
-};
-
-CURLcode Curl_wildcard_init(struct WildcardData *wc);
-void Curl_wildcard_dtor(struct WildcardData *wc);
-
-struct Curl_easy;
-
-#else
-/* FTP is disabled */
-#define Curl_wildcard_dtor(x)
-#endif
-
-#endif /* HEADER_CURL_WILDCARD_H */
diff --git a/libs/libcurl/src/ws.c b/libs/libcurl/src/ws.c
index 861c766525..998f75af72 100644
--- a/libs/libcurl/src/ws.c
+++ b/libs/libcurl/src/ws.c
@@ -166,10 +166,6 @@ CURLcode Curl_ws_accept(struct Curl_easy *data,
   }
   k->upgr101 = UPGR101_RECEIVED;
 
-  if(data->set.connect_only)
-    /* switch off non-blocking sockets */
-    (void)curlx_nonblock(conn->sock[FIRSTSOCKET], FALSE);
-
   return result;
 }
 
@@ -750,9 +746,6 @@ CURLcode Curl_ws_disconnect(struct Curl_easy *data,
   (void)data;
   (void)dead_connection;
   Curl_dyn_free(&wsc->early);
-
-  /* make sure this is non-blocking to avoid getting stuck in shutdown */
-  (void)curlx_nonblock(conn->sock[FIRSTSOCKET], TRUE);
   return CURLE_OK;
 }
 
-- 
cgit v1.2.3